[Greylist-users] Another idea for greylisting (fwd)

Evan Harris eharris at puremagic.com
Sun Jun 22 14:05:25 PDT 2003

> I had another idea for graylisting; I posted it on comp.mail.misc.  Here's
> a copy for you to think about.

Thanks.  You have the honor of being the first (albeit indirect) post on the
new list.

> The very *first* time you see a new "relationship", do the tempfail after
> the end of the DATA phase, and then you have the mail to inspect.  You
> can then send it to DCC, Razor, etc.
> For the next hour, you tempfail on the RCPT command (because you already have
> the mail body), and after that you allow processing.
> This gives Razor, DCC, etc. a one-hour headstart before anyone actually
> gets any mail.

I think this is a very good idea.  It uses existing methods for
collaborating on finding spam, and is exactly why the hour-long (or however
locally configured) delay was put in there.

However, since greylisting is not yet widely distributed, people that use
greylisting with a recent spamassassin are already getting almost all of the
benefits of this (since any significant spam run will already be populated
in those databases).  But turning something that may have a manual
component into something automated is a good idea.

My original idea for the hour was to simply look at distributed traffic
patterns to discover spam, but since a method for doing that isn't already
developed (AFAIK), this sounds like a great enhancement.

The drawback is that it requires some network traffic and more local
processing, but if you are already using these systems for blocking spam
(for example, through spamassassin), then those costs are probably not a
worry.  That, and things like spamassassin currently only give a moderate
boost to the spam-score based on these (DCC is around +3 if not using bayes,
Razor is around +2 if not using bayes).  For those of you not familiar with
spamassassin's scoring, levels over 10 or 15 are a pretty high confidence of

I think I may have to try to add this to the code.  Unfortunately, it will
only become really useful when more people have started using greylisting.
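
The decision logic proposed in the thread above, as an added example that is not part of the original post or of any greylisting implementation. The class name, the `report` hook standing in for a DCC/Razor submission, and the string return values are assumptions made for illustration.

```python
import time

class DataPhaseGreylist:
    """Greylist keyed on the (client IP, envelope sender, recipient) relationship."""

    def __init__(self, delay=3600, report=lambda body: None, clock=time.time):
        self.delay = delay        # seconds before a known relationship is let through
        self.report = report      # hypothetical hook: hand the body to DCC/Razor clients
        self.clock = clock        # injectable so the delay can be exercised in tests
        self.first_seen = {}      # relationship -> time its first body was captured

    @staticmethod
    def _key(ip, sender, rcpt):
        # Addresses are case-folded here; that normalisation is an assumption.
        return (ip, sender.lower(), rcpt.lower())

    def on_rcpt(self, ip, sender, rcpt):
        """Decision at RCPT TO: 'tempfail' or 'continue'."""
        seen = self.first_seen.get(self._key(ip, sender, rcpt))
        if seen is not None and self.clock() - seen < self.delay:
            return "tempfail"     # body already captured: refuse before DATA
        return "continue"         # new (inspect at DATA) or past the delay

    def on_end_of_data(self, ip, sender, rcpts, body):
        """Decision after the final dot; one SMTP reply covers every recipient."""
        keys = [self._key(ip, sender, r) for r in rcpts]
        new = [k for k in keys if k not in self.first_seen]
        if not new:
            return "accept"       # every relationship is known and past the delay
        now = self.clock()
        for k in new:
            self.first_seen[k] = now
        self.report(body)         # give the shared databases their head start
        return "tempfail"         # the whole message is deferred, known rcpts too
```

Because SMTP gives a single reply at the end of DATA, a message addressed to one known and one new recipient is deferred for both.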


