[Greylist-users] Some more data points

Eirik Oeverby ltning at anduin.net
Tue Jul 1 19:18:18 PDT 2003


Hey,

I am not doing any systematic testing, but I have interviewed a few of
my users about what they notice. Common to all of them (including
myself) is that the only anti-spam measure they were using before was
the Spamhaus RBL. Now after having greylisting for about 5 days, I have
seen that my daily spam has been reduced from ~30 per 24h to 0. That's
an OK number. My other users have reported exactly the same. From the 5
users I have interviewed, where I am the one usually receiving *least*
spam, the results are consistent: No spam is getting through so far.

Another interesting observation comes from my firewall: The traffic to
my mailserver has been reduced quite significantly as well - it went down
from ~300 MB/24h to ~50 MB/24h 'overnight', and has wobbled steadily
between 45 and 55 MB/24h since then.

I hope this lasts...

/Eirik


On Tue, 01 Jul 2003 08:36:46 -0700
Scott Nelson <scott at spamwolf.com> wrote:

> 
> Results of my testing so far;
> Out of 1102 attempts, 515 succeeded.  Roughly 50%
> Most of those successes seemed to come near the end of my trial.
> 
> Either I've goofed up somehow, or some spammers have already 
> adapted to greylisting.  
> Has anyone else noticed a sudden increase?
> 
> 
> A couple of notes;
> 
> In other tests I ran, there was a marked difference in success 
> rates when tempfailing after the RCPT rather than after DATA.
> Eyeballing my logs, I notice a lot of instant retries on different
> IPs after failure, usually three times.
> My guess is that this is an attempt by the spammer to deal with
> block lists.  It presumably results in slightly inflated figures 
> for tempfail after RCPT, because the extra attempts wouldn't be
> done if the first had succeeded.
> 
> It occurs to me that an unscrupulous anti-spam company could improve 
> their spam catching /percentages/ by spamming themselves,
> without actually reducing the amount of spam delivered.
> I.e. instead of catching 95 out of a 100, 
> they could catch 995 out of 1000.  99.5% vs 95%, 
> but either way, 5 spams get through.
> 
> If I do any future testing, I plan to compare results against
> a control group.  Comparing the total number of spam actually received
> at addresses that have whatever anti-spam technique, to spam received 
> at addresses that do not.  It's more work, but I think it's necessary.
> 
> 
> Scott Nelson <scott at spamwolf.com>
> _______________________________________________
> Greylist-users mailing list
> Greylist-users at lists.puremagic.com
> http://lists.puremagic.com/cgi-bin/mailman/listinfo/greylist-users
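The quoted note about instant retries from different IPs inflating tempfail-after-RCPT figures can be checked against a log. The following is an added example, not code from either poster: it collapses retries for the same sender/recipient pair that arrive within a short window into one logical attempt and reports both rates. The record layout, the 60-second window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the thread):
# (unix_time, client_ip, envelope_sender, envelope_rcpt, outcome)
SAMPLE = [
    (1000, "192.0.2.10",   "a@spam.example",    "u1@example.org", "tempfail"),
    (1002, "198.51.100.7", "a@spam.example",    "u1@example.org", "tempfail"),
    (1003, "203.0.113.5",  "a@spam.example",    "u1@example.org", "tempfail"),
    (1000, "192.0.2.44",   "list@news.example", "u2@example.org", "tempfail"),
    (4700, "192.0.2.44",   "list@news.example", "u2@example.org", "accepted"),
    (2000, "192.0.2.99",   "b@spam.example",    "u3@example.org", "tempfail"),
]

RETRY_WINDOW = 60  # seconds; assumed cut-off for an "instant" retry


def summarize(records, window=RETRY_WINDOW):
    """Count raw attempts and attempts after collapsing instant retries."""
    by_pair = defaultdict(list)
    for ts, ip, sender, rcpt, outcome in records:
        by_pair[(sender, rcpt)].append((ts, ip, outcome))

    logical = hopping = delivered = 0
    for events in by_pair.values():
        events.sort()
        last_ts, ips = None, set()
        for ts, ip, outcome in events:
            if last_ts is None or ts - last_ts > window:
                # Previous burst is closed; note whether it switched IPs.
                hopping += len(ips) > 1
                logical += 1
                ips = set()
            ips.add(ip)
            last_ts = ts
            delivered += outcome == "accepted"
        hopping += len(ips) > 1  # close the final burst for this pair

    raw = len(records)
    return {
        "raw_attempts": raw,
        "logical_attempts": logical,
        "ip_hopping_bursts": hopping,
        "delivered": delivered,
        "raw_rate": delivered / raw,
        "collapsed_rate": delivered / logical,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the constructed sample the three-IP burst counts once instead of three times, so the measured success rate rises from 1 in 6 to 1 in 4 without any change in what was delivered.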

