OT: "greylisting" - looking for opinions

Ryan Bingham ryanb at aacrao.org
Sun Jun 22 23:43:56 IST 2003 

Kevin,

I tend to agree that it would be useful only for a short time until the
spammers learn how to circumvent it.

On your point that it would mean less spam for the Bayesian filters, I
find myself in a similar situation with an RBL I'm testing.  I've
started using sbl.spamhaus.org to block spam at the SMTP gateway (after
folks on SAtalk gave it the the thumbs up).  So far it's been working
great: I've seen at least a 1/3 drop in the amount of messages that MS
and SA have to process.  One side effect is that I'm now running a bit
short on spam and Bayes is getting alot more ham than spam (even after
adjusting the autolearn thresholds).

It's kind of ironic that we need to get more spam in order to stop the
spam from getting to us!  :-)

Ryan



On Sat, 2003-06-21 at 05:13, Kevin Spicer wrote:
> >On Sat, 2003-06-21 at 08:39, Ryan Bingham wrote:
> >Sorry to crosspost for those of you who are on the SAtalk list, but I'd
> >be interested to get your opinions on the concept of "greylisting" as
> >a spamfighting tool (I apologize also if this has been brought up on
> >the list before).  To summarize, it involves initially rejecting an
> >SMTP session from an unknown source (this is oversimplifying  -- it's
> >rather more that the entire SMTP session is "unfamiliar") in the
> > expectation that a legitimate SMTP host will try again a short time
> >later while a spamming host will not.
>
> This was covered in some depth yesterday on Slashdot.org.  As I see it
> there are two problems, the initial hour delay for the first message
> with a given 'triplet' (try explaining to users that email isn't
> instant!) and the ease with which the system could be circumvented [ For
> example a spam tool could make two passes through its list, an hour or
> so apart, just doing a HELO, MAIL and RCPT then aborting on the first
> run, because this doesn't send any mail its unlikely to get added to any
> blacklists until its into the second run, this would entirely defeat
> greylisting as far as I can see ].  I think it may be a useful
> short-term approach but is likely to only be successful for a short
> time.  My other concern is that running it with SA would dramatically
> reduce the amount of spam that the Bayes filter gets to learn from, so
> it might even result in more spam getting through.:(
>
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material.  If you have received this in error, please contact the
> sender and delete this message immediately.  Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited.  BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.

More information about the MailScanner mailing list