ietf-asrg

Re: [Asrg] greylisting with whitelist of good mailservers

2006-01-29 09:05:14
> I've been experimenting with a technique that involves a combination of
> a mail server IP address whitelist with greylisting. The idea is by
> default to greylist, but once good email is received, the IP address
> of the mail system is added to a special whitelist (I also record the name
> reported in EHLO but do not use it right now) and afterward greylisting
> is no longer done and email is processed immediately.

That's close to the usual way to do greylisting.  See my CEAS paper
from last year.  My greylister doesn't make any attempt to look at the
contents of mail, just remembers the envelope, and if it sees a retry
with the same envelope in a reasonable time window, it succeeds and
whitelists the IP.

The original greylist implementation greylists every (IP,sender,recip)
triplet separately, but that never made any sense to me and I always
assumed it is an implementation bug.  Once you know that an IP's
client retries, you've learned all you're going to learn from
greylisting and there's no point in delaying any more.

> One of the problems is however determining what is good email.

I don't even try.  What's the advantage?  You're already doing another
pass to figure out what's good and what's not.  If a host sends only
spam, it's worth blacklisting, but I don't see any connection between
that and whether it retries.

> I'm concerned however that this could open a door for spammers to
> test how "good" my system thinks their email is and adjust the
> content. Am I being too paranoid?

Probably.  I doubt they do per-recipient-host tuning for anyone
smaller than Earthlink.

R's,
John
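
The envelope-only scheme described in the message above, as an added example that is not part of the original post and is not the author's greylister: the envelope is remembered, a retry inside the window succeeds, and the IP is whitelisted so later envelopes from it are not delayed. The 5-minute minimum delay, 4-hour window, response strings, class and function names, and the sample addresses are all assumptions made for illustration.

```python
import time

TEMPFAIL = "451 4.7.1 greylisted, please retry later"
ACCEPT = "250 2.1.5 ok"

class Greylister:
    """Envelope-only greylisting; one successful retry whitelists the whole IP."""
    def __init__(self, min_delay=300, max_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay    # assumed: retries sooner than this do not count
        self.max_window = max_window  # assumed: pending entries older than this expire
        self.clock = clock            # injectable so the demo can control time
        self.pending = {}             # (ip, sender, rcpt) -> time first seen
        self.whitelist = set()        # IPs whose client has been seen to retry

    def check_rcpt(self, ip, sender, rcpt):
        now = self.clock()
        if ip in self.whitelist:      # nothing more to learn from delaying this IP
            return ACCEPT
        key = (ip, sender.lower(), rcpt.lower())
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.max_window:
            self.pending[key] = now   # new (or stale) envelope: start the clock
            return TEMPFAIL
        if now - first_seen < self.min_delay:
            return TEMPFAIL           # retried too quickly to count as a real retry
        del self.pending[key]         # same envelope retried inside the window
        self.whitelist.add(ip)
        return ACCEPT

def demo():
    """Constructed traffic: a retrying MTA and a sender that comes back too late."""
    t = [0.0]
    g = Greylister(clock=lambda: t[0])
    mta, late = "192.0.2.10", "192.0.2.66"     # documentation-range addresses
    env = ("alice@example.org", "bob@example.net")
    out = [g.check_rcpt(mta, *env), g.check_rcpt(late, "x@example.com", "bob@example.net")]
    t[0] = 60
    out.append(g.check_rcpt(mta, *env))        # retry after 1 minute: too early
    t[0] = 900
    out.append(g.check_rcpt(mta, *env))        # retry after 15 minutes: accepted
    out.append(g.check_rcpt(mta, "carol@example.org", "dave@example.net"))  # new envelope
    t[0] = 900 + 5 * 3600
    out.append(g.check_rcpt(late, "x@example.com", "bob@example.net"))      # window expired
    return out, sorted(g.whitelist)

if __name__ == "__main__":
    print(demo())
```

A per-(IP, sender, recipient) greylister would have returned a temporary failure for the second envelope from 192.0.2.10; here it is accepted at once because the IP is already known to retry.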

