[Top] [All Lists]

Re: We need an IETF BCP for GREY LISTING

2011-10-25 12:05:42

On 25/10/2011 17:08, Hector wrote:
Patrik wrote:

On 25 okt 2011, at 15:29, Hector wrote:

If this became an RFC, which I object to, I immediately would hack my smtp server to lie, because only real smtp clients would probably retry enough to get the mail through.
Lie in which way?

By saying "you are gray listed in 5 minutes", but in reality the gray list is 7 minutes.
What's the point in that?

If a spam sender was going to retry at all, currently it could retry in, say, 15 minutes, and have a strong chance of getting through. Greylisting won't stop that. The reason grey listing works is because many spam senders do not retry at all.

Simply telling a spam sender 'retry in 5 minutes and you'll probably get through' won't magically make them start retrying. They'll either retry anyway, and get through greylisting regardless, or not retry, and not get through greylisting regardless.

All a retry hint does is help senders which retry. Believe it or not, it is better to help a retrying spammer as well. If a retrying spammer currently tries every 10 seconds, then if your hint tells it not to bother retrying for 5 minutes, you get the same amount of spam, but less load on your server - you don't get more spam. (Yes, the spammer gets less load on their sender as well, but they probably don't care about that).

Senders which don't retry (which is the 'target' for greylisting) still won't retry, so their spam won't get through.