[Top] [All Lists]

Re: Fixing graylisting [was TBR]

2007-11-14 08:31:16

John Leslie wrote:

   What would others like to see in a fix for graylisting?

I am not sure how much can be done. As you know, the reason why it "appears" to work (or it does it job) is that its based on legacy considerations (standard expectations and behavior of smtp senders).

But I may have a few items to consider:

Maybe this is more for 2821bis, is to emphasize proper or retry methods, in particular GL compliant sender to reconsider how their 2nd retry is done. That was one of the first things we had to change in our SMTP client. Basically providing a variable frequency table. Otherwise, that 2nd attempt was delayed to the old once per hour default and we did experiences an increase in reports about the rejects and not seeing email until much later. We hardly see reports or hear of them since the new frequency table as provided.

Possible some guidelines on the response code and text - making it official.

Suggestions about considering auto-whitelisting with local outbound mail flagging outgoing addresses to help auto-whitelist an anticipated response from them. Today, its normal practice during a support incident for us to ask a customer for his email address to send an email if we are planning to ask them to send us something. A 'permission email' per se. That way they get auto-whitelisting.

I guess also some guidelines on the fine tuning of typical GL parameters, such as using a class-c subnet ( masking as part of the triplet hash calculation. As you know, this addresses the sender with outbound farms on the same subnet. In addition, other factors such as a general rule of thumb for retaining records, etc, etc.

One other option to help reduce issues, is to only apply GL for incoming addresses in a group of local domains, a spec or all. For example, for our support system we only apply it to mail coming into to our corp or support domains. Not all other locally hosted domains.

Note sure if this is direct SMTP material but may be useful as design guidelines to consider for future GL implementations to maybe help minimize impact.

Other than that, it just runs, and it does its job which an amazing constant rejection rate of 60% - which I guess is the near standard rate of bombardment by these braindead bulk spammers.

Hector Santos, CTO