[Greylist-users] Greylist improvement: the canary
franck at nenie.org
Fri Feb 27 13:15:45 PST 2004
> as long as no legitimate smtp server is used to send email
> to a canary address

Some spammers or viruses do use legitimate servers before
they're kicked out. If you build a list of known good
relays from previous mail, it's probably quite safe (if the
added complexity does not introduce a bug), but there's still
a possibility that the first ever mail you get from somewhere
is to a spamtrap, and the second one is from a real user.

> And I don't think there is a good way for spammers to come
> up with countermeasures.

It's rare to have something without countermeasures! Just
a random one:
- given two harvested email addresses a,b at same site.
- from IP #1, mail a then b
- from IP #2, mail b then a
- if the result is #1: OK FAIL and #2: FAIL FAIL,
  you have proven that:
    a is a good address
    b is a spamtrap

So remove b from spam list, add a to "good" list,
spam "good" from IP #3. Arguably you may need many IPs
at the beginning, but then you can spam loads from a single
IP using the "good" list.
Now, the counter-countermeasure is to convince spammers that
your real address is a spamtrap :-).

Anyway, diversity makes it harder, so the more antispam
measures there are, the merrier.
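
Added example, not part of the original message: a minimal model of the canary rule with the "known good relays" list from the first paragraph, showing the case it protects and the first-contact case it cannot. The class and function names, addresses and IPs are constructed for illustration, and the rule "a canary hit blocks the sending IP" is an assumption read from the thread; the greylisting delay itself is left out.

```python
from dataclasses import dataclass, field

@dataclass
class CanaryPolicy:
    canaries: set               # spamtrap addresses (constructed sample values)
    use_history: bool = True    # exempt relays that delivered good mail before
    known_good: set = field(default_factory=set)
    blocked: set = field(default_factory=set)

    def rcpt(self, ip, address):
        """Return 'OK' or 'FAIL' for one recipient offered by the relay at ip."""
        if address in self.canaries:
            # Mail to a canary is never accepted. The relay is blocked unless
            # it already has a history of delivering mail to real users.
            if not (self.use_history and ip in self.known_good):
                self.blocked.add(ip)
            return "FAIL"
        if ip in self.blocked:
            return "FAIL"
        self.known_good.add(ip)
        return "OK"

def replay(policy, events):
    """Feed (ip, recipient) pairs through the policy in order."""
    return [policy.rcpt(ip, address) for ip, address in events]

TRAPS = {"trap@example.org"}

# Constructed sequence: a legitimate relay with history is abused once.
RELAY_WITH_HISTORY = [
    ("192.0.2.10", "alice@example.org"),   # real user mail
    ("192.0.2.10", "trap@example.org"),    # spam through the same relay
    ("192.0.2.10", "alice@example.org"),   # real user mail again
]

# Constructed sequence: the first ever mail from a relay is to the spamtrap.
FIRST_CONTACT = [
    ("198.51.100.7", "trap@example.org"),
    ("198.51.100.7", "alice@example.org"),
]

if __name__ == "__main__":
    print(replay(CanaryPolicy(TRAPS, use_history=False), RELAY_WITH_HISTORY))
    print(replay(CanaryPolicy(TRAPS, use_history=True), RELAY_WITH_HISTORY))
    print(replay(CanaryPolicy(TRAPS, use_history=True), FIRST_CONTACT))
```

With the history list the relay's later mail to the real user is still accepted; in the first-contact sequence the real user's mail is rejected either way, because the relay has no history yet.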