[Greylist-users] Microsoft and Greylisting

Franck Arnaud franck at nenie.org
Fri Feb 6 11:43:36 PST 2004


martin dempsey:

> If everyone uses different time values the only way to get 
> through is to retry a couple times.

Which is trivial for spammers to do if they were bothered to! 
Remember a typical serious spammer will send you several 
messages a day, every day (the one-shot spammers are a tiny 
percentage of spam traffic), so they "retry" already.

They currently cycle their addresses so that there is no 
reuse, which is good for us currently, but they only need 
to tweak their address allocation algorithm so that they 
reuse some triplets every few days (more than any reasonable 
delay).

> every bit of bandwidth they can steal so doubling/tripling whatever 
> is a good thing (I do my rejects at the end of the data phase).

It does use your own bandwidth though, but it is indeed more costly 
for them than classical greylisting that rejects at the envelope.
If you do that, you could hash the message and greylist 
for the initial message on (host, from, to, message-hash) 
which would be immune to retries that reuse the envelope but 
not the message as described above (although maybe some real 
mail servers do change messages between retries?)

> I can see some benefit in Microsoft doing it. It will cause people to 
> properly set up their MTAs to retry.

Anyway, Microsoft's 'Penny Black' seems to me to have very little 
in common with greylisting: it's strange to say it's about 
"delaying", it seems much closer to the "email tax" proposals, 
paid in CPU cycles so no need to also solve the "micropayments"
problem at the same time.
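
The (host, from, to, message-hash) greylist suggested above, as an added example that is not part of the original post: it decides at the end of the DATA phase and shows that reusing the envelope with a different message does not get through. The class name, the SHA-256 digest, the 300-second delay, the four-day expiry and the sample addresses are all assumptions.

```python
import hashlib


class BodyHashGreylist:
    """Greylist keyed on (host, from, to, message-hash), checked after DATA."""

    def __init__(self, min_delay=300, max_age=4 * 86400):
        # Both windows are assumed values, not taken from the post.
        self.min_delay = min_delay
        self.max_age = max_age
        self.first_seen = {}  # key -> time of the first attempt

    @staticmethod
    def _key(host, mail_from, rcpt_to, body):
        # Hash the raw message bytes exactly as received.
        digest = hashlib.sha256(body).hexdigest()
        return (host, mail_from, rcpt_to, digest)

    def check(self, host, mail_from, rcpt_to, body, now):
        """Return an SMTP reply code: 451 to defer, 250 to accept."""
        key = self._key(host, mail_from, rcpt_to, body)
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.max_age:
            self.first_seen[key] = now  # new or expired entry: start the clock
            return 451
        if now - seen < self.min_delay:
            return 451                  # retried before the delay elapsed
        return 250                      # same message retried after the delay


def demo():
    gl = BodyHashGreylist()
    # Constructed sample envelope and messages (documentation addresses).
    env = ("192.0.2.10", "sender@example.org", "user@example.net")
    msg_a = b"Subject: hello\r\n\r\nfirst body\r\n"
    msg_b = b"Subject: hello\r\n\r\nsecond body\r\n"
    return [
        gl.check(*env, msg_a, now=0),      # first attempt
        gl.check(*env, msg_a, now=60),     # same message, too soon
        gl.check(*env, msg_a, now=900),    # genuine retry after the delay
        gl.check(*env, msg_b, now=86400),  # envelope reused, different message
    ]


if __name__ == "__main__":
    print(demo())
```

Because the digest covers the bytes as received, a sender that alters the message between retries is deferred on every attempt, which is the caveat raised at the end of that paragraph.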


