On Oct 26, 2011, at 11:35 AM, Dave CROCKER wrote:
I really worry about saying to the spammer
"this site does greylisting" and, if that happens enough, having
the spammer respond (internally) "ah, it is greylisting and not
some random temporary server unavailability, we know what to do
giving spammers the information they need to become
smarter and the incentives to do so are really not in our
long-term best interests.
Greylisting only works due to spammer laziness. It is only a barrier for the
trivial spamming engines.
As soon as a spammer is motivated to do interesting work, they can and do
work around greylisting easily.
So this particular context is not one that warrants worrying about "giving"
information to spammers.
The reason that greylisting continues to be useful is that there happens to
be a significant portion of the spamming world that does, in fact, use
I consider it at least plausible that the reason more spammers haven't worked
around greylisting is that it's currently below their radar. They're probably
aware that it exists, but either they're not aware of how much it affects their
delivery rates, or they are aware and it doesn't affect those rates enough for
them to worry about.
Publishing an RFC about greylisting could change this in two ways: (1) it would
make spammers more aware of greylisting, (2) it would encourage wider adoption
of greylisting and thus give spammers more incentive to defeat it for everybody.
So... not a good idea, IMO.