greylisting

[William Burns]

Dan:

>greylisting will only work until these criminals start writing proxies
>which spool and retry on the victim's machines.
>
>if greylisting starts getting deployed on any scale, you can bet they will
>just start deploying spooling backdoors/viruses.
>
>
A greylist would be a valuable option to mail administrators.

I agree that spammers will adapt to this technique.
I agree that this could eventually make a greylist useless as a "lone
defense" against spam.

But... I believe that if software like mailscanner and/or spamassasin
can take advantage of the logs generated by a greylist, (by blacklisting
server IPs that appear often in greylist logs) that this will greatly
strengthen the greylist technique. The greylist technique itself will
complement other techniques like spamassasin, RBL, etc.
(a one hour delay might be enough for a pro-active RBL to react)

The downside (a one-hour delay for legitimate first-time messages) could
be addressed w/ SPF. (as an optional override to the greylist)

-Bill