ietf-asrg

RE: [Asrg] New proposal for spam blocking: Greylisting

2003-06-25 18:59:40

It should be noted that the 30% is actually quite a low estimate of the
effectiveness, which was based on numbers derived from a slightly similar
implementation.  But the newer implementation has significant advancements
that make a marked increase in the effectiveness, as many others are coming
to realize as they start implementing it.

Here's a key quote from a user on the greylisting-users list hosted at
http://lists.puremagic.com/

RBLs are weak when new ip addresses are used to spam. Greylists are weak
when the same ip address is used for repeated spam. Combined they can work
better than either alone since each attacks the other's weakness.
- Martin Dempsey

Evan


On Sun, 22 Jun 2003, Vernon Schryver wrote:

From: "Elric Pedder" <elric(_at_)novitraq(_dot_)com>

...
Regardless, I'm not an advocate of greylisting.  I agree with
the points you and others have made and the most significant is
that it has a relatively short life span.  However it is one of
the more interesting solutions to appear recently.

I agree with the last sentence, but not all of the rest.  Others have
reported that similar tactics are around 30% effective.  The high
effectiveness reported here might be because, as was said, the high
rate included dictionary attacks.  You'd expect dictionary attack spam
to be particularly likely to be "hit-and-run."

My random guess is that should it become popular, its effectiveness will
drop from 30% to 10-20%, because it will ever become universal and many
spammers blocked by it will choose to send to more addresses than go to
the substantial trouble to send to the same targets through the same open
proxies.  If I'm right, 10-20% is nothing to sneeze at, and is as good as
or better than the realistic prospects of several other, purely theoretical
spam defenses whose advocates promise us more.

Note that greylisting can be seen as a variety of quarantine mechanism.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
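
An added example, not part of the original thread or of any greylisting implementation mentioned in it: a small simulation of the point quoted above, that RBLs and greylists cover each other's weak case. It assumes greylisting is modeled as a temporary failure for any (IP, sender, recipient) triplet younger than a fixed delay; the class, the delay value, the addresses and the sample traffic are all constructed for illustration.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds a new triplet must wait; assumed value

@dataclass
class Filter:
    use_rbl: bool
    use_greylist: bool
    rbl: frozenset = frozenset()          # constructed stand-in for a DNSBL lookup
    first_seen: dict = field(default_factory=dict)

    def check(self, ip, sender, rcpt, now):
        """Return an SMTP-style verdict for one delivery attempt."""
        if self.use_rbl and ip in self.rbl:
            return "550 rejected (RBL)"
        if self.use_greylist:
            # Remember when this (ip, sender, rcpt) triplet first appeared.
            seen = self.first_seen.setdefault((ip, sender, rcpt), now)
            if now - seen < GREYLIST_DELAY:
                return "451 deferred (greylist)"
        return "250 accepted"

def delivered(filt, attempts):
    """True if any attempt in the sequence ends up accepted."""
    return any(filt.check(*a).startswith("250") for a in attempts)

# Constructed traffic: (ip, sender, rcpt, time in seconds), documentation IP ranges.
RBL = frozenset({"192.0.2.10"})  # the long-running spam source is already listed
HIT_AND_RUN = [("198.51.100.7", "a@spam.example", "u@rcpt.example", 0)]  # new IP, no retry
REPEAT_SPAM = [("192.0.2.10", "b@spam.example", "u@rcpt.example", t) for t in (0, 600)]
LEGIT_MTA = [("203.0.113.5", "c@corp.example", "u@rcpt.example", t) for t in (0, 900)]

def compare():
    """Which traffic gets through each policy (fresh filter state per run)."""
    policies = {"rbl": (True, False), "greylist": (False, True), "combined": (True, True)}
    traffic = {"hit_and_run": HIT_AND_RUN, "repeat_spam": REPEAT_SPAM, "legit": LEGIT_MTA}
    return {p: {n: delivered(Filter(r, g, RBL), a) for n, a in traffic.items()}
            for p, (r, g) in policies.items()}

if __name__ == "__main__":
    for policy, result in compare().items():
        print(policy, result)
```
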




