[Greylist-users] Waiting until after the DATA phase.

Scott Nelson scott at spamwolf.com
Wed Jun 25 11:43:41 PDT 2003

At 12:17 PM 6/25/03 -0500, Corey Huinker wrote:
>A large ISP has a measurable percentage of their bandwidth taken up by
>inbound spam.  Spam isn't just an intangible cost to them, it's completely
>measurable on a monthly basis.
>In summary, while it's A-OK by me if your greylisting implementation waits
>until after the DATA phase to tempfail, I think it's missing one of the
>chief advantages of greylisting: conserving bandwidth.

In some sense I am a large ISP.  I work for a web hosting company,
and we will shortly be implementing greylisting on all our machines
(assuming that the initial tests pan out that is.)

In our case, we have so much excess inbound capacity that it's not
even funny.  A 100 Mbps increase in inbound would not even be
visible on the traffic graph.  Bandwidth wasted on spam is such 
an insignificant blip I had to build a special tool to measure it.
So in our case, the bandwidth spam uses /is/ an intangible cost.

Even for an "eyeball" ISP like AOL that does more in than out,
spam is a tiny percentage of their total traffic.  I once heard
a figure of 7Gbps for AOL from spam.  If they paid what I pay for
bandwidth (and I'm sure they pay less) that would be less than
$700,000 US per month.  That sounds like a huge number, but
with 30 million users, it's less than 2.5 cents per.
It's tangible, but if they could increase sales 1% it would have
a greater effect on their bottom line.

The point I'm trying to make here is that in both cases,
the ISP is trying to make the customer happy.  Sure, we want
to save bandwidth, but if we can stop 90% of spam by doubling 
the bandwidth, that's a /great/ tradeoff.

Scott Nelson <scott at spamwolf.com>

More information about the Greylist-users mailing list