On Fri, 27 Jun 2003, martin dempsey wrote:

> I'm not certain the exact timeout is critical for spam. Remember, if
> a spammer really wants to get through a greylist, it's not hard -
> they can pay the bandwidth and make enough retries to get through.

There's not that much cost.  All the spammer has to do is pick a time
that's likely to be longer than the minimum, but shorter than the
maximum, and retry failed attempts then.  I suspect that almost all
existing greylist implementations have min <= 3 hours <= max, so 3
hours seems like a nice number to me.

> So what you are trying to stop is a spammer who remails the same
> list and "accidentally" gets through the greylist. If the spammer
> doesn't know about the greylist, he/she/it is likely to use a
> different return address and fail anyway.

This is what we observe.  Our software has implemented a less sophisticated
version of greylisting for about 8 months now -- essentially, our minimum
timeout is zero seconds (you can retry as quickly as you want) and the
maximum is very long (around 7 days), and yet we still stop a lot of
spam without even getting to the content-scanning phase.
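The two policies discussed above (a min/max retry window with min <= 3 hours <= max, versus the poster's zero-minimum, ~7-day-maximum variant), as an added illustration that is not code from anyone in this thread. It keys on the usual (client IP, envelope sender, envelope recipient) triplet; the addresses and timings are constructed sample traffic.

```python
"""Greylisting decision logic, keyed on the (IP, MAIL FROM, RCPT TO) triplet.

First attempt for a triplet: temporarily rejected (SMTP 4xx) and recorded.
A retry is accepted only if it arrives at least `min_delay` and at most
`max_delay` seconds after the first attempt; a retry after `max_delay` is
treated as a brand-new triplet.  A changed return address is a new triplet,
which is why address-rotating senders never get through.
"""
from dataclasses import dataclass, field


@dataclass
class Greylist:
    min_delay: float                      # seconds a sender must wait before retrying
    max_delay: float                      # seconds after which the triplet is forgotten
    seen: dict = field(default_factory=dict)  # triplet -> time of first attempt

    def check(self, ip, mail_from, rcpt_to, now):
        """Return 'accept' or 'defer' for a delivery attempt at time `now`."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        first = self.seen.get(key)
        if first is None or now - first > self.max_delay:
            # New (or expired) triplet: record it and temporarily reject.
            self.seen[key] = now
            return "defer"
        if now - first < self.min_delay:
            # Retried too soon: keep deferring, but do not reset the clock.
            return "defer"
        return "accept"


def simulate(policy, attempts):
    """Run (time, ip, mail_from, rcpt_to) attempts through `policy` in order."""
    return [policy.check(ip, frm, to, ts) for ts, ip, frm, to in attempts]


# Constructed sample traffic (documentation addresses, not real senders).
ATTEMPTS = [
    (0,        "192.0.2.10", "a@example.org",     "u@example.net"),  # first try
    (600,      "192.0.2.10", "a@example.org",     "u@example.net"),  # 10 min later
    (4 * 3600, "192.0.2.10", "a@example.org",     "u@example.net"),  # 4 h later
    (0,        "192.0.2.20", "spam1@example.com", "u@example.net"),  # first try
    (3600,     "192.0.2.20", "spam2@example.com", "u@example.net"),  # new sender => new triplet
]


def demo_window_policy():
    """min 3 h, max 24 h: the 10-minute retry is still deferred."""
    return simulate(Greylist(min_delay=3 * 3600, max_delay=24 * 3600), ATTEMPTS)


def demo_poster_policy():
    """min 0, max 7 days: any retry of the same triplet is accepted."""
    return simulate(Greylist(min_delay=0, max_delay=7 * 86400), ATTEMPTS)


if __name__ == "__main__":
    print(demo_window_policy())  # ['defer', 'defer', 'accept', 'defer', 'defer']
    print(demo_poster_policy())  # ['defer', 'accept', 'accept', 'defer', 'defer']
```

In both runs the address-rotating sender is deferred every time, which is the effect the thread describes; only the legitimate retrying sender's second attempt differs between the policies.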


