[Greylist-users] What timeouts should be used with greylisting
mjd at digitaleveryware.com
Wed Jun 25 11:15:18 PDT 2003
> I used to think you could hurt spammers by making them waste
> bandwidth, but I no longer believe that. Spammers can take advantage
> of proxies, open-relays, and in the future, probably even rooted and
> 0wned machines to send spam on their behalf.
But greylisting is only part of the answer. Existing real time black lists
can handle proxies, open-relays and compromised machines especially if
greylisting gives them a one hour head start.
The number of open-relays on the internet is dropping. Partially due to
education and partially due to new software that is set by default not to be
an open-relay. I think a couple more years and the open-relay problem will be
mostly solved except for a small percentage caused by human error that will
be noticed and corrected after some time period.
RBLs make spammers need to change IP addresses after a short period of time.
With RBLs, new IP addresses are very valuable at first and decline in
usefulness over time as they are added to black lists.
Greylists make changing addresses painful. And limit the effectiveness of a
new IP address at exactly the time the RBL can't stop it.
RBLs are weak when new ip addresses are used to spam. Greylists are weak when
the same ip address is used for repeated spam. Combined they can work better
than either alone since each attacks the others weakness.
More information about the Greylist-users