Since the discussion is focusing on greylisting vs. DMTP, we'd
like to emphasize that DMTP does not exclude the use of
greylisting. Greylisting can also be used with DMTP as
follows: unclassified sending MTAs can be asked to retry
delivery of DMTP intent messages at a later time.
This combines the benefit of greylisting with the benefit of
DMTP's pull-based architecture.
On 5/7/05, Daniel Feenberg <feenberg(_at_)nber(_dot_)org> wrote:
Can you describe how this is superior to "greylisting", which, as I
understand it amounts to refusing mail from unclassified sources with a
"try again later" (TEMPFAIL) code the first time it is offered, but
accepting it if offered again several hours later?
I mentioned this in greater detail in earlier reply to Matthew's email.
Essentially greylisting is still a sender-push model that still leaves
receivers in
a reactive mode. DMTP advocates a hybrid model : allow
message "push" from "whitelisted" senders, "pull" messages
from any unclassified sender and, of course, block the blacklisted ones.
The advantage for greylisting is that most legitimate senders are already able
to handle receivers using this technique, whereas DMTP would require an
upgrade to all senders to comply.
This is not correct. DMTP does not require DMTP-compliance from all senders
at once. There are dfferent incremental deployment paths (Section 3.6) each of
which can be pursued by different vendors independently. Currently the
draft describes a challenge-response based scheme, though it can also
be easily replaced by other sender-discouragement mechanisms (e.g. greylisting).
I understand that greylisting works now because spammers haven't found it
worthwhile to record success or failure, and don't come back after a
TEMPFAIL. Of course, if many receiving MTAs started to use the technique,
spammers might respond by keeping such records. In that case, DMTP (or
greylisting, for that matter) would be effective only insofar as
blacklists could be expected to pick up new spammer addresses in a matter
of hours.
The last sentence is not true for DMTP. There is a basic difference.
Greylisting will accept the spam from unclassified senders on second
attempt if DNSBL cannot be updated within a time interval. DMTP does
not depend on updating DNSBL within some time interval. If sender is
unclassified, DMTP resorts to receiver-pull mode (whether it is a first
try or second or third...).
- Kartik
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg