[Greylist-users] Looking for updated list of bad (but good)senders
Brian Michalk
michalk at awpi.com
Wed Sep 15 14:39:51 PDT 2004
> -----Original Message-----
> [mailto:greylist-users-bounces at lists.puremagic.com]On Behalf Of Scott
> Nelson
> At 07:34 AM 9/15/04 -0400, Ken Raeburn wrote:
> >"Brian Michalk" <michalk at awpi.com> writes:
> >> to give him the ability to
> >> submit domains for whitelisting. Allow that registered user
> to submit, say
> >> 1 whitelist per month to the system. As time goes on, that
> user becomes
> >> more and more trusted. If the user abuses the system, the account is
> >> yanked.
> >
> >Nice approach.
> >
>
> IMO, a terrible approach.
> In many cases, the first submission would be a few dozen IPs,
> and after that nothing.
>
> And rate limiting is only meaningful if there is no way to get
> 1000 accounts.
> So you put an obstacle in the way of people who want to help,
> and don't really affect the people who want to be "bad".
Why such a bad approach? Assuming some database exists for the new user,
then 99% of the domains he wishes to be whitelisted are already in the
database. If he runs a mailserver, yes, he may need to add more than one,
but it needs to be limited to a certain number.
I still feel that this could be automated and distributed, and difficult to
abuse.
Any system that syncs its database with some peer could perhaps check the
new server that wishes to be whitelisted. If new server says its
sendmailxxxx, then you know he should be the retrying type and not need
whitelisting.
I'm assuming we are talking about the servers that send email according to
the subject of this thread, and those are the broken servers, or servers in
a pool.
More information about the Greylist-users
mailing list