[Greylist-users] Some more data points

Scott Nelson scott at spamwolf.com
Tue Jul 1 09:36:46 PDT 2003

Results of my testing so far;
Out of 1102 attempts, 515 succeeded.  Roughly 50%
Most of those successes seemed to come near the end of my trial.

Either I've goofed up somehow, or some spammers have already 
adapted to greylisting.  
Has anyone else noticed a sudden increase?

A couple of notes;

In other tests I ran, there was a marked difference in successes 
rates when tempfailing after the RCPT rather than after DATA.
Eyeballing my logs, I notice a lot of instant retries on a different
IPs after failure, usually three times.
My guess is that this is an attempt by the spammer to deal with
block lists.  It presumably results in slightly inflated figures 
for tempfail after RCPT, because the extra attempts wouldn't be
done if the first had succeeded.

It occurs to me that an unscrupulous anti-spam company could improve 
their spam catching /percentages/ by spamming themselves,
without actually reducing the amount of spam delivered.
I.e. instead of catching 95 out of a 100, 
they could catch 995 out of 1000.  99.5% vs 95%, 
but either way, 5 spams get through.

If I do any future testing, I plan to compare results against
a control group.  Comparing the total number of spam actually received 
at addresses that have whatever anti-spam technique, to spam received 
at addresses that do not.  It's more work, but I think it's necessary.

Scott Nelson <scott at spamwolf.com>

More information about the Greylist-users mailing list