[Greylist-users] Greylist gravy train ends in 3-6 months

Regis Wilson rwilson at rose.gnp.com
Fri Jul 16 07:52:48 PDT 2004


Hi, just recently implemented Greylisting and it works phenomenally well.
I recommend a procedure where you first just log the tuples for a week or
so.  Since the spammers use random from and random IPs, any reference count
over 2 or 3 for a tuple should be enough to whitelist it before you implement
greylisting.

Also, as the subject suggests, I don't know if anyone realises that greylisting
will be dead very soon.  As soon as the spammers notice any impact on their
delivery rates, it would be incredibly simple to overcome greylisting, to wit:

1.  Zombie machine downloads 10,000 email addresses and starts delivering mail
2.  Zombie detects tempfail code and puts from, to, and timestamp in redeliver
    queue
3.  Zombie is done mailing 10,000 emails, goes to redeliver queue.  If timestamp
    is 1 hour, 1 minute old, redeliver using same from, to and IP.

It took me 3 seconds to come up with this idea and algorithm.  Any programmer
could write it and test it within one hour.  The next virus or trojan payload
upgrades all the zombies and infects more new zombies.  Greylisting is dead,
long live greylisting!

------
"When the dam breaks open many years too soon
 I'll see you on the dark side of the moon"
    --Pink Floyd
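
The log-first rollout recommended in the message above, as an added example that is not part of the original post: count (IP, from, to) tuples from a log-only period, seed the whitelist, then greylist everything else. The log format, the threshold of 3 sightings and the one-hour delay are assumptions, and the sample lines are constructed.

```python
from collections import Counter

# Constructed sample of a log-only week: "epoch_seconds client_ip mail_from rcpt_to"
SAMPLE_LOG = """\
1089900000 192.0.2.10 news@lists.example.org alice@example.com
1089986400 192.0.2.10 news@lists.example.org alice@example.com
1090072800 192.0.2.10 news@lists.example.org alice@example.com
1089900300 198.51.100.7 xk3f@spam.example alice@example.com
1089900900 203.0.113.99 q9zz@spam.example bob@example.com
"""

MIN_SEEN = 3   # assumption: "over 2 or 3" read as at least 3 sightings
DELAY = 3600   # assumption: one-hour greylist delay, in seconds


def parse(log_text):
    """Yield (timestamp, (ip, sender, recipient)) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines rather than guessing at them
        yield int(parts[0]), (parts[1], parts[2].lower(), parts[3].lower())


def seed_whitelist(log_text, min_seen=MIN_SEEN):
    """Return the tuples seen at least min_seen times while only logging."""
    counts = Counter(tup for _, tup in parse(log_text))
    return {tup for tup, n in counts.items() if n >= min_seen}


class Greylist:
    def __init__(self, whitelist, delay=DELAY):
        self.whitelist = set(whitelist)
        self.first_seen = {}  # tuple -> time of its first tempfail
        self.delay = delay

    def check(self, now, ip, sender, rcpt):
        """Return an SMTP-style reply code: 250 accept, 451 tempfail."""
        tup = (ip, sender.lower(), rcpt.lower())
        if tup in self.whitelist:
            return 250
        first = self.first_seen.setdefault(tup, now)
        if now - first >= self.delay:
            self.whitelist.add(tup)  # retried after the delay: accept from now on
            return 250
        return 451
```

Regular correspondents seeded this way never see a tempfail when greylisting is switched on; only tuples that were rare or absent during the logging period are delayed.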

