[Greylist-users] Greylist improvement: the canary

Franck Arnaud franck at nenie.org
Fri Feb 27 13:15:45 PST 2004

Stephen Carpenter:

> as long as no legitimate smtp server is used to send email 
> to a canary address

Some spammers or viruses do use legitimate servers before 
they're kicked out. If you build a list of known good 
relays from previous mail, it's probably quite safe (if the 
added complexity does not introduce a bug), but there's still 
a possibility that the first ever mail you get from somewhere 
is to a spamtrap, and the second one is from a real user.

> And I don't think there is a good way for spammers to come 
> up with countermeasures.

It's rare to have something without countermeasures! Just 
a random one:

- given two harvested email addresses a,b at same site.
- from IP #1, mail a then b
- from IP #2, mail b then a
- if the result is #1: OK FAIL and #2: FAIL FAIL,
  you have proven that:
     a is a good address
     b is a spamtrap

So remove b from spam list, add a to "good" list, 
spam "good" from IP #3. Arguably you may need many IPs 
at the beginning, but then you can spam loads from a single 
IP using the "good" list.

Now, the countercountermeasure is to convince spammers that 
your real address is a spamtrap :-).

Anyway, diversity makes it harder, so the more antispam 
measures there are, the merrier.
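
Added example, not part of the message above or of any greylisting implementation: a toy model of the canary policy, showing from the server side what its OK/FAIL responses reveal in the two orderings described, and how a known-good relay list changes the first-contact case. The class, function names, addresses and IPs are constructed, and the policy itself (a canary hit refuses the mail and blocks the sending IP unless it is a known-good relay) is an assumption inferred from the OK/FAIL pattern in the message.

```python
# Toy model of a canary (spamtrap) policy. Assumed behaviour, not taken from
# any real implementation: a RCPT to a canary address is refused and the
# sending IP is blocked afterwards, unless that IP is a known-good relay.

class CanaryPolicy:
    def __init__(self, canaries, use_known_good=False):
        self.canaries = set(canaries)
        self.use_known_good = use_known_good
        self.blocked = set()
        self.known_good = set()   # relays that already delivered real mail

    def rcpt(self, ip, addr):
        """Return "OK" or "FAIL" for one delivery attempt."""
        if ip in self.blocked:
            return "FAIL"
        if addr in self.canaries:
            # A relay with prior legitimate mail is refused but not blocked.
            if not (self.use_known_good and ip in self.known_good):
                self.blocked.add(ip)
            return "FAIL"
        self.known_good.add(ip)
        return "OK"


def run(policy, ip, recipients):
    return [policy.rcpt(ip, r) for r in recipients]


def ordering_leak():
    """The two orderings from the message: the responses differ by order."""
    p = CanaryPolicy(canaries={"b@site.example"})
    first = run(p, "192.0.2.1", ["a@site.example", "b@site.example"])
    second = run(p, "192.0.2.2", ["b@site.example", "a@site.example"])
    return first, second


def first_contact_false_positive():
    """A relay whose first-ever mail hits the trap, then a real user."""
    p = CanaryPolicy(canaries={"b@site.example"}, use_known_good=True)
    return run(p, "198.51.100.7", ["b@site.example", "a@site.example"])


def established_relay():
    """A relay with earlier legitimate mail survives a canary hit."""
    p = CanaryPolicy(canaries={"b@site.example"}, use_known_good=True)
    return run(p, "198.51.100.7",
               ["a@site.example", "b@site.example", "a@site.example"])
```

Because the refusal of a later recipient depends on whether an earlier one was a canary, the response pattern is itself the information leak; the known-good list only narrows the false-positive window to a relay's first contact.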

