On Tue, Oct 11, 2011 at 08:06:16AM -0400, Keith Moore wrote:
I'm not sure that it's worth the trouble. The whole point of
greylisting is to marginalize naive client implementations on the
assumption (largely valid to this point) that they're likely to
be spambots. But I expect that spambots will start to deal with
greylisting very soon. If IETF were to document greylisting it would
only accelerate that process.
I don't think documenting greylisting will accelerate the
(already-underway) process of spammer adaptation. I think the prime
mover there is the adoption rate of greylisting. This isn't unique
to greylisting -- we've seen spammers adapt to other countermeasures
when they've (apparently) judged that those measures are sufficiently
widely-used to merit their attention and effort.
On the other hand, it's not clear to me what benefit we could achieve
by doing so. That is, I'm not sure I see many instances of greylisting
implementations behaving badly -- thus, potentially benefitting from
a document that would give some guidance. I think that most of the ones
I've observed are doing a reasonable (if, perhaps, sometimes annoying
or inconvenient) job of deferring mail traffic for a sensible length
of time. Are others' logs reflecting a different picture?
---rsk