ietf-smtp
[Top] [All Lists]

RE: Everyone Greylists Except Honeypots ... So Let's Not Spam Honeypots!

2007-12-05 21:49:34

Making a sufficent set of honeypots minimally distinguishable from valid
addresses 
should be a consideration in spam defense.  A very large number of mine
have the 
same SMTP acceptance policies and latencies as valid accounts.  

As for the other honeypots (undefended by RBLs, etc.), they'll go when
they stop
being useful.  Benign diversity is a great thing.  Incompatibility (a la
graylisting)
doesn't meet the "benign" criterion.

Regards,

Alex Bobotek
alex bobotek.net



-----Original Message-----
From: owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of 
Sabahattin 
Gucukoglu
Sent: Wednesday, December 05, 2007 9:30 AM
To: ietf-smtp(_at_)imc(_dot_)org
Subject: Everyone Greylists Except Honeypots ... So Let's Not 
Spam Honeypots!


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Does this notion bother anyone, in particular?

The argument for greylisting is apparently no longer - and if 
it is, it can't be for *much* longer - that, "So what if we 
can't detect non-MTSs anymore?  We can still trap the bad 
ones by letting our favourite non- greylisting BL spamtraps 
capture them!"

So all Mr. Bad Guy needs to do now is realise the significant 
uptake of greylisting for this one purpose, and never spam 
any host that seems to accept all initial transactions.  They 
can do this simply by not entering the DATA state.  And if 
that's used as metric, by sharing data amongst themselves as 
to the exact purpose of non-greylisting hosts.

Any thoughts?

Cheers,
Sabahattin

- --
Sabahattin Gucukoglu <mail<at>sabahattin<dash>gucukoglu<dot>com>
Address harvesters, snag this: feedme(_at_)yamta(_dot_)org
Phone: +44 20 88008915
Mobile: +44 7986 053399
http://sabahattin-gucukoglu.com/


-----BEGIN PGP SIGNATURE-----
Version: PGP 8
Comment: QDPGP - http://community.wow.net/grt/qdpgp.html

iQA/AwUBR1bgNSNEOmEWtR2TEQJeGACfRn3DRGVvi0C1+ucvPJpW44J6wq8AoLbo
qLQCroHslVRBW0AZk6MFyDAh
=KFk2
-----END PGP SIGNATURE-----



<Prev in Thread] Current Thread [Next in Thread>