There is a danger in specifying the precise details/tuning values of a
"standardized gray listing" mechanism. If it's too predictable, you
could probably come up with a simplistic mechanism for defeating it
without requiring the complexity of queuing. "Hybrid vigor" is a good
thing.
Good point.
I like the idea of a BCP though and I like the outline too.
Some quick comments:
Do people apply greylisting post-DATA in practise? Or is this really only
something only performed in labs as it is the only way to determine whether
causes false positives.
It is hard to reliably determine how much greylisting helps on a specific
system, i.e. what difference it makes compared to the hypothetical situation
greylisting wasn't used. May be an idea to include some caution about that.
"greylisting is more expensive than not greylisting"
Can you explain this?
"special actions to take if the same message is retried before the time limit
expires"
I assume by "message" you mean the (sender, recipient, MTA) triplet?
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg