Re: greylisting done at end of headers, or end of daya (QUIT) ?
2007-01-31 18:45:47
Carl S. Gutekunst wrote:
Let's say I just bought some software; the vendor is about to E-mail me
the license key. Or: I just registered at my health insurance company,
and they're sending me a confirmation code via E-mail that I must have
for access to my medical records. How am I supposed to white list those?
Even if I can guess what domain they're sending from, it's still a
manual process.
Good point. What I do is give these special, rare and personal signup
processes, a special email address that is only temporary and dedicated
for the specific purpose. I also use a special "dump box" where
everything is accepted for these type of stuff where I don't want to
worry about given them a special address.
This also eliminates the worry about them selling the email address.
Regardless if they say they won't, I don't believe them. :-)
The final straw was a small software vendor who had outsourced their
license key generation, and the key generator's SMTP client didn't grok
4xx errors and disabled my account. I had to badger them for several
days to get the stupid key.
Bottom line for me is gray listing turned out to be one of the many
"clever" techniques that slowed the spam down for a little while, but
eventually proved to be more nuisance than help.
I can appreciate your point and opinion, but IMV you are talking about
highly rare transactions. By far, the BAD outweight the GOOD and that
is what most low to mid tier sysops have realized when they isn't really
must else to go by these days. Even high tier operations are using
Greylisting methods. But no doubt, the low to mid tier (the majority of
the internet) is where you are seeing Greylisting growth.
What I tell my sysops is that if you sit there watching this stuff,
waiting for the mail, you will increase your doubt wondering whats going
on or if the good guy is going to try again, and when. Just let it run
and it works. Good Systems are 100% SMTP compliant and will try again.
I have YET to see a false positive and if it happen, it was a BADLY
operated system - which I'm sure happen, but its RARE.
--
HLS
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, (continued)
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, william(at)elan.net
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Peter J. Holzer
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Keld Jørn Simonsen
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Carl S. Gutekunst
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Arnt Gulbrandsen
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Hector Santos
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Carl S. Gutekunst
- Re: greylisting done at end of headers, or end of daya (QUIT) ?,
Hector Santos <=
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Valdis . Kletnieks
- Re: greylisting done at end of headers, or end of daya (QUIT) ?, Carl S. Gutekunst
Re: greylisting done at end of headers, or end of daya (QUIT) ?, Glenn Anderson
Re: greylisting done at end of headers, or end of daya (QUIT) ?, Hector Santos
|
|
|