[Greylist-users] Final results of my test.

Thu Aug 28 01:24:03 PDT 2003

I'm recently ran a test of greylisting on some of my spamtrap addresses.

Caveats: the addresses are presumed to only receive spam, and they
are not a "random uncorrelated" sample, but it is hoped that the
correlations do not contaminate the results.  
Any of those assumptions could be wrong, and the possibility that 
I've made some horrible error should not be discounted.

I split 200 addresses into four group of 50 each,
by sorting alphabetically, and then alternating down the list.
I call them spam0, spam1, spam2 and spam3.

For the first part of the test, (2003-07-13 23:59 to 2003-08-01 10:20)
spam2 and spam3 were greylisting, spam0 and spam1 were not.
In the second part, (2003-08-01 14:17 to 2003-08-21 09:32)
spam2 and spam0 were greylisting, spam3 and spam1 were not.

Total RCPTs
Spam0 - 310                          267
Spam1 - 494                          366
Spam2 - 1330                        1077
Spam3 - 1900                        1113

Emails accepted/unique senders emails accepted
Spam0 - 310, 290                47,   25
Spam1 - 494, 404               366,  297
Spam2 - 268, 129               247,  122
Spam3 - 120, 111              1113, 1068

Total deferred
spam0 - 0                            220
spam1 - 0                              0
spam2 - 1062                         830
spam3 - 1780                           0

***************
Parsed results;
Note that these addresses get considerably less spam than the
"average" mailbox, and the numbers are relatively small,
so the error margins are probably large.  Still, a good rule of
thumb is +/- the square root of the number which translates 
to +/- 10% for these numbers.

If we do /nothing/ but greylisting, it stops between 80-95% of all spam attempts.
Blocking semi-legitimate mailing lists (for example, equalamail.deliveroffers.com)
increases this to 91-97%.  In theory "unsubscribing" should give the same
benefit, but I have tried to unsubscribe from many of these jokers without
success.  

I was originally concerned that there appeared to be a significant 
increase in the number of attempts, and that greylisting might
not have been as effective in decreasing in /total/ spam volume
as the numbers suggested.  There is an increase, but it's not
as large as I first thought, and the increase is close to the 
expected error rate.  Even adjusting for this by assuming the worst, 
greylisting is still better than 75% effective.

DNSBLs of some of the addresses was done, but due to an error,
only IPs which actually passed greylisting were checked.
I'll be posting that information shortly.

Scott Nelson <scott at spamwolf.com>