[Greylist-users] Final results of my test.
scott at spamwolf.com
Thu Aug 28 01:24:03 PDT 2003
I'm recently ran a test of greylisting on some of my spamtrap addresses.
Caveats: the addresses are presumed to only receive spam, and they
are not a "random uncorrelated" sample, but it is hoped that the
correlations do not contaminate the results.
Any of those assumptions could be wrong, and the possibility that
I've made some horrible error should not be discounted.
I split 200 addresses into four group of 50 each,
by sorting alphabetically, and then alternating down the list.
I call them spam0, spam1, spam2 and spam3.
For the first part of the test, (2003-07-13 23:59 to 2003-08-01 10:20)
spam2 and spam3 were greylisting, spam0 and spam1 were not.
In the second part, (2003-08-01 14:17 to 2003-08-21 09:32)
spam2 and spam0 were greylisting, spam3 and spam1 were not.
Spam0 - 310 267
Spam1 - 494 366
Spam2 - 1330 1077
Spam3 - 1900 1113
Emails accepted/unique senders emails accepted
Spam0 - 310, 290 47, 25
Spam1 - 494, 404 366, 297
Spam2 - 268, 129 247, 122
Spam3 - 120, 111 1113, 1068
spam0 - 0 220
spam1 - 0 0
spam2 - 1062 830
spam3 - 1780 0
Note that these addresses get considerably less spam than the
"average" mailbox, and the numbers are relatively small,
so the error margins are probably large. Still, a good rule of
thumb is +/- the square root of the number which translates
to +/- 10% for these numbers.
If we do /nothing/ but greylisting, it stops between 80-95% of all spam attempts.
Blocking semi-legitimate mailing lists (for example, equalamail.deliveroffers.com)
increases this to 91-97%. In theory "unsubscribing" should give the same
benefit, but I have tried to unsubscribe from many of these jokers without
I was originally concerned that there appeared to be a significant
increase in the number of attempts, and that greylisting might
not have been as effective in decreasing in /total/ spam volume
as the numbers suggested. There is an increase, but it's not
as large as I first thought, and the increase is close to the
expected error rate. Even adjusting for this by assuming the worst,
greylisting is still better than 75% effective.
DNSBLs of some of the addresses was done, but due to an error,
only IPs which actually passed greylisting were checked.
I'll be posting that information shortly.
Scott Nelson <scott at spamwolf.com>
More information about the Greylist-users