[Top] [All Lists]

Re: new draft: draft-santos-smtpgrey-01

2011-10-26 10:59:47

On Oct 26, 2011, at 11:35 AM, Dave CROCKER wrote:

I really worry about saying to the spammer
"this site does greylisting" and, if that happens enough, having
the spammer respond (internally) "ah, it is greylisting and not
some random temporary server unavailability, we know what to do
about that".
giving spammers the information they need to become
smarter and the incentives to do so are really not in our
long-term best interests.

Greylisting only works due to spammer laziness.  It is only a barrier for the 
trivial spamming engines.

As soon as a spammer is motivated to do interesting work, they can and do 
work around greylisting easily.

So this particular context is not one that warrants worrying about "giving" 
information to spammers.

The reason that greylisting continues to be useful is that there happens to 
be a significant portion of the spamming world that does, in fact, use 
trivial engines.

I consider it at least plausible that the reason more spammers haven't worked 
around greylisting is that it's currently below their radar.  They're probably 
aware that it exists, but either they're not aware of how much it affects their 
delivery rates, or they are aware and it doesn't affect those rates enough for 
them to worry about.

Publishing an RFC about greylisting could change this in two ways: (1) it would 
make spammers more aware of greylisting, (2) it would encourage wider adoption 
of greylisting and thus give spammers more incentive to defeat it for everybody.

So... not a good idea, IMO.