[Greylist-users] Possible Enhancements

Jason 'XenoPhage' Frisvold friz at godshell.com
Tue Jan 25 12:59:20 PST 2005

Scott Nelson wrote:

>If you're going to go to the trouble of connecting to the MX,
>you might as well go the extra step and check if the return address 
>is valid, and if it's not, then reject the email.


>This may or may not be a good idea from a block spam point of view,
>but is it really an enhancement to greylisting?
>Seems like a completely different and unrelated technique to me.

The biggest complaint about greylisting is the initial 1 hour delay when 
the sender is new to the database.  By doing a reverse DNS lookup on the 
IP the connection is sourcing from, checking for an MX record, and 
possibly doing a callback, you can prevent this 1 hour delay.  Insert 
the IP address into the database with an expiration time, and any 
further connects from that IP will pass through without any interruption.

If the source really is a mail server, then delaying for an hour is 
pointless.  You have a pretty good idea that the server will be retrying 
the messages.

It may be possible to bypass the callback altogether and merely look for 
an MX record.  The advantage is that you save some time by not calling 
the originating server back.  On the downside, spammers can, 
conceivably, put mx records in dns.  However, the majority of zombies 
wouldn't be able to pass through that test because there's virtually no 
way for them to create an mx record.

Should the mx/callback test fail, you greylist like you normally would.  
This would also cut down the database size, esp. for large deployments.

>Scott Nelson <scott at spamwolf.com>

Keep in mind, Im just bouncing around ideas..  Feedback is always 
welcome..  :)

Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."

More information about the Greylist-users mailing list