Patrik Faltstrom (pfaltstr) wrote:
Further, the whole idea with gray listing is that the assumption is that real
smtp clients are more stable than spam senders.
+1
If we make the life easier for spam senders, what do you think real clients
and servers will do? Of course explore some other corner of the protocol.
This was somewhat addressed in the Security section. Plus there is no
evidence of exploitation with at least seven current implementations
already offering informal time hints. Plus, there is no negative
evidence that moving a sender into a managed time window is actually
bad, but desirable. Finally, extension or no extension, all SMTP
systems MUST be able to deal with DoS issues and loading issues
regardless any SMTP extension. This extension does not alter this
prudent requirement and in IMO, actually improves server availability.
If this became an RFC, which I object to, I immediately would hack my smtp
server to lie, because only real smtp clients would probably retry enough to
get the mail through.
Lie in which way?
I.e. a paper on this only help the spam generators.
I don't see the cons, but if so, IMV, the pros outweigh the cons.
There is even a risk people will require support for this which would limit
the ability for spam fighters to on server side guess whether smtp flow is
legitimate or not.
How so?
There is no change in operations other than to give MTA clients a
retry time "hint" factor, the MTA can optionally use or not. It
doesn't change its behavior that necessitate a retry. If a spammer
adapts to this, then I ask, what took him so long when it could of
just adapted the easy way - keep retrying?
I don't see why this give incentives to a spammer to finally do
something that it could of done anyway long ago. And I'm sure many
over the years that could adapt, did.
The fact is, Greylisting can't address any SMTP sender that retries.
It only address the abusive random "single shot" senders that will
never try the same transaction again.
I.e. the draft is not explaining what problem there is to solve, the contrary.
Didn't the background section go into details for the various issues
and impact due to Greylisting? Does it need to be redone, rewritten?
--
HLS