Justin Mason wrote:
Chris Lewis writes:
The simple fact of the matter is that open proxy/socks code will _not_
queue - so they won't try a second time[2]. I would strongly suspect
that if you made your greylisting timeout _zero_, and simply 400'd the
first appearance of a given sender/IP/recipient tuple and accept the
next appearance, no matter how quickly, you'd still be getting 90% of
what greylisting with a very long timeout would give you.
Of course, spamming tools will evolve, so then you consider increasing
the timeouts. Too far, tho, and it's worse than where you started. And
I don't think you'd ever get to where you'll be able to take into
account DNSBL latency.
My opinion is that, if greylisting becomes common, spammers will
simply start saving enough data to perform retries.
The longer a spammer keeps using a specific IP address, the bigger is
the chance of him getting traced by the ISP or being kicked off by the
ISP. In general, Greylisting would force spammers to use specific IP
addresses for longer periods of time, killing the advantage that they
gain by moving from server to server.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg