On 10/24/11 1:33 AM, Murray S. Kucherawy wrote:
-----Original Message-----
On Tuesday, October 18, 2011 8:39 PM, Douglas Otis wrote:
Grey listing challenges stateful processing of the sender to test an
often erroneous assumption that bots sending spam don't maintain state.
Thanks to grey listing, many bots retry against the same recipients,
just not always with the same message.
That doesn't sound like a "retry" to me, in the MTA queueing sense. For your
claim to be true, it would mean bots institute MTA-style queue-and-retry systems, but
that substantially increases the footprint on the infected machine. It's been my
impression that their reluctance to do this is precisely why greylisting is perceived to
be effective.
Not all RATs install simple SMTP proxies. There is no reason to queue
and retry messages. They can receive a list of recipients separate from
messages to reduce inbound traffic. Marking transmission completion
would allow repeated tuples compared by grey listing mechanisms.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg