ietf-asrg
[Top] [All Lists]

Re: [Asrg] Greylisting BCP

2011-10-25 10:51:59
Murray S. Kucherawy wrote:
-----Original Message-----
From: asrg-bounces(_at_)irtf(_dot_)org 
[mailto:asrg-bounces(_at_)irtf(_dot_)org] On Behalf Of Douglas Otis
Sent: Tuesday, October 18, 2011 8:39 PM
To: asrg(_at_)irtf(_dot_)org
Subject: Re: [Asrg] Greylisting BCP

Grey listing challenges stateful processing of the sender to test an
often erroneous assumption that bots sending spam don't maintain state.
Thanks to grey listing, many bots retry against the same recipients,
just not always with the same message.

That doesn't sound like a "retry" to me, in the MTA queueing sense.  For your 
claim to be true, it would mean bots institute MTA-style queue-and-retry systems, but 
that substantially increases the footprint on the infected machine.  It's been my 
impression that their reluctance to do this is precisely why greylisting is perceived to 
be effective.

Retry or not retry... This just means that there are some possible ways to pass through greylisting and that greylisting isn't perfect... as any other filtering method, be an RBL, SPF, statistical filters or anything else.

The correct way to present it is something like :

"... to test a most of the time valid assumption that bots sending spam don't 
maintain state".

Maybe in the future this assumption won't be true anymore, but for the moment, it seems to me that it still holds.




--
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg