[Greylist-users] relay identification
franck at nenie.org
Wed Jan 7 13:44:02 PST 2004
>Shorter delays still seem to be mostly effective. I'm just waiting until
>the spammers catch on and this becomes not the case. I'm a little surprised
>that they haven't already.
I would find their reacting surprising. Spammers probably react
only to things that seriously dent their response rate, and it
takes something applied by a large proportion of users to do
this. So until AOL and the like adopt greylisting, it should
>There are a few spammers that do seem to do a few retries before giving up.
>The time before retry varies a bit, but most I have seen still seem to be in
>the under 10 minute timeframe (so far).
But are they really retries, or just attempts at delivering multiple
spams (which would be delivered even with an OK)? It is common for
spammers to send bundles.
The behaviour that looks like retries I've seen are using several
zombies, presumably to find one source that's not blacklisted, but
that does not distinguish between temp or permanent fail or deal
> Eventually you'll want a minimum number of tries as well as a minimum
> amount of time.
Would that be helpful? If spammers want to beat greylisting and
they are not stupid, they will simply use the same retry strategy
as popular mailers, or indeed use popular mailers. Once spammers
seriously try to beat greylisting, it will fail to stop those
who try, unless the delay is used to do something else as suggested
in the paper. Tweaking delays or retry counts should not buy
much extra effectiveness.
More information about the Greylist-users