Murray S. Kucherawy wrote:
> -----Original Message-----
> From: asrg-bounces(_at_)irtf(_dot_)org
> [mailto:asrg-bounces(_at_)irtf(_dot_)org] On Behalf Of Douglas Otis
> Sent: Tuesday, October 18, 2011 8:39 PM
> To: asrg(_at_)irtf(_dot_)org
> Subject: Re: [Asrg] Greylisting BCP
>
> > Grey listing challenges stateful processing of the sender to test an
> > often erroneous assumption that bots sending spam don't maintain state.
> > Thanks to grey listing, many bots retry against the same recipients,
> > just not always with the same message.
>
> That doesn't sound like a "retry" to me, in the MTA queueing sense. For your
> claim to be true, it would mean bots institute MTA-style queue-and-retry systems, but
> that substantially increases the footprint on the infected machine. It's been my
> impression that their reluctance to do this is precisely why greylisting is perceived to
> be effective.

Retry or not retry... This just means that there are some possible ways to pass through greylisting
and that greylisting isn't perfect... like any other filtering method, be it an RBL, SPF, statistical
filters or anything else.

The correct way to present it is something like:

"... to test a most-of-the-time valid assumption that bots sending spam don't
maintain state".

Maybe in the future this assumption won't be true anymore, but for the moment, it seems to me that
it still holds.
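
An added example, not part of the original message or of any greylisting product: a minimal greylist decision model showing which sender behaviours from this thread get a temporary failure and which are accepted. It assumes the common (client IP, envelope sender, recipient) triplet key; `MIN_DELAY`, `MAX_AGE` and all addresses are constructed values.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300      # assumed: seconds a new triplet must wait before a retry counts
MAX_AGE = 4 * 3600   # assumed: a pending triplet is forgotten after this long

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that completed a retry

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return 'accept' or 'tempfail' (an SMTP 4xx) for one delivery attempt."""
        # The key is built from envelope data only; message content is never seen.
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return "accept"
        seen = self.first_seen.get(key)
        if seen is None or now - seen > MAX_AGE:
            self.first_seen[key] = now      # first contact, or stale entry restarted
            return "tempfail"
        if now - seen < MIN_DELAY:
            return "tempfail"               # retried too quickly
        self.passed.add(key)
        return "accept"

def replay(attempts):
    """Run (time, ip, mail_from, rcpt_to) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t) for (t, ip, s, r) in attempts]

RCPT = "user@example.org"  # constructed sample traffic below

# Sender that keeps no state: one attempt, never comes back.
FIRE_AND_FORGET = [(0, "192.0.2.10", "a@example.net", RCPT)]
# MTA-style queue: same triplet retried on a backoff schedule.
QUEUE_AND_RETRY = [(0, "198.51.100.5", "b@example.com", RCPT),
                   (60, "198.51.100.5", "b@example.com", RCPT),
                   (900, "198.51.100.5", "b@example.com", RCPT)]
# Returns to the same recipient with the same envelope; a different
# message body would not change the outcome, since it is not in the key.
SAME_ENVELOPE_LATER = [(0, "203.0.113.7", "c@example.net", RCPT),
                       (1200, "203.0.113.7", "c@example.net", RCPT)]
# Returns to the same recipient but with a new envelope sender each time.
NEW_SENDER_EACH_TIME = [(0, "203.0.113.7", "c1@example.net", RCPT),
                        (1200, "203.0.113.7", "c2@example.net", RCPT)]
```
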