Hi Daniel,
Kartik has pointed out a few differences between DMTP and greylisting. Here
I want to add some follow-ups.
One trickier difference between DMTP and greylisting is the time window
that Greylisting and DMTP provide for RBLs to detect a spammer and
black list it. For Greylisting, if spammers indeed retry, the time window
is from when the first receiver reads a spam message in a retry (or more
precisely, the first user reports the spammer information to RBLs) to the
time the spammer finishes sending the last spam message in this round of
retry (assuming a more or less simple, synchronized model). It is key to
note that this time window is not the retry window (time between retries).
However for DMTP, the time window is related to the user email retrieval
behavior. The later a receiver tries to retrieve a message from an
unclassified sender, the more likely that the sender has been black listed
(if it is a spammer).
Another difference is how DMTP and Greylist populate the whitelist.
Greylist does this based on the history of a triplet and this is done to a
large extent automatically. However, DMTP's whitelist is populated based
on if receivers want to communicate with the senders (for example,
someone may prefer to only directly communicate with regular contacts, no
matter how others behave, bad or good). I am not arguing which one is
better, but I do think we need to pay attention to the way
we populate the whitelist, when we fight spam as a community, as spammers
will certainly also eye it.
Cheers,
-Zhenhai
============================================
Zhenhai Duan
Assistant Professor
Department of Computer Science
Florida State University
Tallahassee, FL 32306-4530
Phone: (850) 645-1561
Fax: (850) 644-0058
Email: duan(_at_)cs(_dot_)fsu(_dot_)edu
URL: http://www.cs.fsu.edu/~duan
=============================================
On Sat, 7 May 2005, Daniel Feenberg wrote:
As we are new to the IETF process, we welcome any suggestions
pointing out potential improvements as well as deficiencies in the draft.
Can you describe how this is superior to "greylisting", which, as I
understand it amounts to refusing mail from unclassified sources with a
"try again later" (TEMPFAIL) code the first time it is offered, but
accepting it if offered again several hours later?
Could greylisting be made even more like your plan if the receiving MTA
only accepted mail on the second try if it came from the same IP address?
The overall effect - requiring the sender to maintain their server for
several hours before mail is accepted - seems to be about the same. The
advantage for greylisting is that most legitimate senders are already able
to handle receivers using this technique, whereas DMTP would require an
upgrade to all senders to comply. I observe that MTA vendors and FOSS
sources of MTAs are extraordinarily resistant to new procedures.
I understand that greylisting works now because spammers haven't found it
worthwhile to record success or failure, and don't come back after a
TEMPFAIL. Of course, if many receiving MTAs started to use the technique,
spammers might respond by keeping such records. In that case, DMTP (or
greylisting, for that matter) would be effective only insofar as
blacklists could be expected to pick up new spammer addresses in a matter
of hours. Is that feasible? My impression is that while it may be
feasible, it is made necessary only by the tendency of DNSBLs to drop
entries rather quickly. If blacklist entries for dynamic addresses are
made very persistent, it isn't necessary to pick them up quickly, they
will already be on the list from the last spam run days or weeks before,
in which case the DNSBL itself is sufficient, and DMTP or greylisting is
not much additional help.
Daniel Feenberg
feenberg isat nber dotte org
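
Added illustration, not part of either message and not code from the DMTP draft or any greylisting implementation: a minimal triplet greylist showing the TEMPFAIL-then-accept behaviour, the same-IP retry requirement, the history-based whitelist, and a DNSBL listing that lands during the delay window. The class name, delay values, reply strings and the `listed` set standing in for a DNSBL lookup are assumptions.

```python
from dataclasses import dataclass, field

TEMPFAIL, ACCEPT, REJECT = "451 try again later", "250 ok", "554 listed"

@dataclass
class Greylist:
    min_delay: float = 3600.0     # assumed: a retry sooner than this is deferred again
    max_age: float = 36 * 3600.0  # assumed: a stale pending entry starts over
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    whitelist: set = field(default_factory=set)     # triplets that have passed once

    def check(self, ip, sender, rcpt, now, listed=frozenset()):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        if ip in listed:                  # DNSBL verdict at the time of this attempt
            return REJECT
        triplet = (ip, sender.lower(), rcpt.lower())
        if triplet in self.whitelist:     # populated automatically from history
            return ACCEPT
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > self.max_age:
            self.first_seen[triplet] = now
            return TEMPFAIL
        if now - seen < self.min_delay:
            return TEMPFAIL
        del self.first_seen[triplet]
        self.whitelist.add(triplet)
        return ACCEPT

def demo():
    """Constructed timeline; addresses are documentation ranges, times in seconds."""
    g = Greylist()
    good = ("192.0.2.10", "alice@example.org", "bob@example.net")
    spam = ("198.51.100.7", "x@example.com", "bob@example.net")
    return [
        g.check(*good, now=0),        # first offer: deferred
        g.check(*good, now=600),      # retry too early: deferred
        g.check("192.0.2.11", *good[1:], now=4000),  # retry from other IP: new triplet
        g.check(*good, now=4000),     # same IP after the delay: accepted
        g.check(*good, now=5000),     # triplet now whitelisted
        g.check(*spam, now=0),        # spammer's first offer: deferred
        g.check(*spam, now=4000, listed={"198.51.100.7"}),  # listed during the delay
    ]

if __name__ == "__main__":
    for reply in demo():
        print(reply)
```
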
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg