[Greylist-users] Problems with CommuniGate.

David F. Skoll dfs at roaringpenguin.com
Fri Jun 27 15:15:47 PDT 2003

On Fri, 27 Jun 2003, martin dempsey wrote:

> I'm not certain the exact timeout is critcal for spam. Remember, if
> a spammer really wants to get through a greylist, its not hard -
> they can pay the bandwith and make enough retries to get through.

There's not that much cost.  All the spammer has to do is pick a time
that's likely to be longer than the minimum, but shorter than the
maximum, and retry failed attempts then.  I suspect that almost all
existing greylist implementations have min <= 3 hours <= max, so 3
hours seems like a nice number to me.

> So what you are trying to stop is a spammer who remails the same
> list and "accidently" gets through the greylist. If the spammer
> doesn't know about the greylist, he/she/it is likely to use a
> different return address and fail anyway.

This is what we observe.  Our software has implemented a less sophisticated
version of greylisting for about 8 months now -- essentially, our minimum
timeout is zero seconds (you can retry as quickly as you want) and the
maximum is very long (around 7 days), and yet we still stop a lot of
spam without even getting to the content-scanning phase.


More information about the Greylist-users mailing list