[Greylist-users] What timeouts should be used with greylisting

martin dempsey mjd at digitaleveryware.com
Wed Jun 25 11:15:18 PDT 2003


> I used to think you could hurt spammers by making them waste
> bandwidth, but I no longer believe that.  Spammers can take advantage
> of proxies, open-relays, and in the future, probably even rooted and
> 0wned machines to send spam on their behalf.

But greylisting is only part of the answer. Existing real-time black lists
can handle proxies, open-relays and compromised machines, especially if
greylisting gives them a one hour head start.

The number of open-relays on the internet is dropping, partially due to
education and partially due to new software that is set by default not to be
an open-relay. I think a couple more years and the open-relay problem will be
mostly solved except for a small percentage caused by human error that will
be noticed and corrected after some time period.

RBLs make spammers need to change IP addresses after a short period of time.
With RBLs, new IP addresses are very valuable at first and decline in
usefulness over time as they are added to black lists.

Greylists make changing addresses painful, and limit the effectiveness of a
new IP address at exactly the time the RBL can't stop it.

RBLs are weak when new IP addresses are used to spam. Greylists are weak when
the same IP address is used for repeated spam. Combined they can work better
than either alone since each attacks the other's weakness.
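
The combined policy argued for in this message, as an added example that is not part of the original post or of any greylisting implementation: a blacklist check on every attempt plus a one hour greylist delay, replayed over a constructed timeline. The `Policy` class, the `rbl_listed` stand-in, the addresses and the 20 minute listing time are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 3600  # seconds: the "one hour head start" from the post

@dataclass
class Policy:
    delay: int = GREYLIST_DELAY
    # (client IP, envelope sender, recipient) -> time of first attempt
    first_seen: dict = field(default_factory=dict)

    def check(self, now, ip, sender, rcpt, rbl_listed):
        """Decide one delivery attempt: 'reject' (5xx), 'tempfail' (4xx) or 'accept'."""
        if rbl_listed(ip, now):          # the blacklist is consulted on every attempt
            return "reject"
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - first < self.delay:     # unknown or too-recent triplet: ask for a retry
            return "tempfail"
        return "accept"

# Constructed timeline (documentation addresses): the time at which each IP
# lands on the blacklist. 192.0.2.10 is a fresh spam source listed after 20 min.
LISTED_AT = {"192.0.2.10": 1200}

def rbl_listed(ip, now):
    """Stand-in for a DNSBL query; a real one is a DNS lookup."""
    return ip in LISTED_AT and now >= LISTED_AT[ip]

def run(delay, ip, attempt_times):
    """Replay delivery attempts from one IP and return the verdicts in order."""
    policy = Policy(delay=delay)
    return [policy.check(t, ip, "a@example.org", "b@example.net", rbl_listed)
            for t in attempt_times]

def simulate():
    return {
        # Blacklist alone: the new IP is accepted before it is listed.
        "rbl_only_new_ip": run(0, "192.0.2.10", [0]),
        # Combined: deferred at t=0, listed by the time the retry arrives.
        "combined_new_ip": run(GREYLIST_DELAY, "192.0.2.10", [0, 3600]),
        # A legitimate server that retries is only delayed.
        "combined_legit": run(GREYLIST_DELAY, "198.51.100.5", [0, 3700]),
    }

if __name__ == "__main__":
    for name, verdicts in simulate().items():
        print(name, verdicts)
```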

