[Greylist-users] What timeouts should be used with greylisting

Bob Apthorpe apthorpe at cynistar.net
Wed Jun 25 13:55:11 PDT 2003


On Wed, 25 Jun 2003, David F. Skoll wrote:

> On Wed, 25 Jun 2003, martin dempsey wrote:
>
> > RBLs are weak when new ip addresses are used to spam. Greylists are
> > weak when the same ip address is used for repeated spam. Combined
> > they can work better than either alone since each attacks the other's
> > weakness.
>
> Yes, you are right.  And that's why I fear we'll see spammers and
> crackers working together.  If you own a farm of compromised machines,
> you have ready access to new, but stable, IP addresses.

s/why I fear we'll see/why we see/

Spammers already compromise hosts to send spam (from 12/2002:
http://news.spamcop.net/pipermail/spamcop-list/2002-December/026633.html
; also http://www3.ca.com/virusinfo/virus.aspx?ID=13645). Search Google
for 'jeem'.

In a weird way, this is comforting. It reinforces the notion that spam is
a security issue, not a speech, privacy, or save-the-children-from-pr0n
issue. Second, it shows that technical means alone have pushed spammers
further toward blatant and actionable criminal behavior. It's not
clear to me that you could successfully prosecute someone for spamming via
open proxies and relays, but there's no defense for r00ting someone else's
host to send spam. If greylisting pushes spammers to more egregiously
criminal behavior, I'm all for it.

-- 
Bob Apthorpe


