Justin Mason wrote:
Chris Lewis writes:
Of course, spamming tools will evolve, so then you consider increasing
the timeouts. Too far, tho, and it's worse than where you started. And
I don't think you'd ever get to where you'll be able to take into
account DNSBL latency.
My opinion is that, if greylisting becomes common, spammers will
simply start saving enough data to perform retries.
Oh, yes, certainly, they can easily do that. Even with a full blown MTA
queueing the whole thing. However, greylisting puts a severe damper on
total throughput, which may often be enough to tilt the economies of
scale against it being profitable for most spammers.
[2] That's not _entirely_ true, I've seen some spammers that retry 550's
after DATA several times very quickly (within minutes). Not sure
whether that's proxy or relay behaviour.
Actually, probably broken spamware that's been interrupted/crashed/moved
to another host, without checkpointing which addrs have already been
mailed. I regularly get duplicated spams to the same address multiple
times in 1 4-hour interval.
Actually, I'm referring to "retries" from the same originating IP a few
seconds apart.
I get lots of duplicated spam from different IPs. You don't really
think they care whether their distributed spamware sends me 1 or 15
copies, do you?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg