[Greylist-users] Greylist improvement: the canary
mjd at digitaleveryware.com
Fri Feb 27 13:56:17 PST 2004
> It's rare to have something without countermeasures! Just
> a random one:
Point taken. Obviously, all addresses, good or canary/spamtrap should
tempfail for the 1st hour (or whatever greylist delay) before spitting back a
failure. Spammers trying to get through would have to limit themselves to
one email per hour per sending ip address. At that point, I think we've won.
And I can see bouncing with a reasonable error message to give information to
legitimate users (which I think is important) is in conflict with keeping
information from spammers.
I suppose one better (less obvious to spammers) solution is to tempfail every
address for the initial delay, then accept and trash (or feed to your spam
filter) messages to spamtrap addresses preventing spammers from realizing
they are not good addresses. And then you could even bounce (assumed spam)
messages to good addresses from the same IP with a confusing error like
"email address not found" confident that if it were truely a real email
someone would call tech support to straighten out the problem. That sort of
error message might even convince spammers to purge their list of the good
addresses assuming they were no longer good.
But remember, in this case in general, so far our "enemy" is one that can't
even be bothered to queue messages and retry after more than one hour. I'm
not certain the sophisticated attack you mentioned is an issue in the real
> Anyway diversity makes it harder, so the more antispam
> measures there are, the merrier.
I've already started to add hidden (invisible) spamtrap/canary email
addresses to pages on websites I control.
More information about the Greylist-users