On Fri, 10 Oct 2008, David MacQuigg wrote:
Greylisting is like a weak antibiotic. The survivors become the
dominant strain and now the whole population is resistant to the
treatment.
You could say that about most anti-spam methods. Many people do about
SPF itself. And the botnet epidemic can be considered the spammer attempt
at "immunity" to IP blacklists.
Greylisting has two effects:
1. Sloppy spamware that doesn't re-queue deferred messages is completely
blocked.
2. To get through, the spammer needs to use the same IP address after the
timeout. He cannot jump IPs to avoid blacklists during the timeout
period, except by starting over with a new timeout.
We knew all along that #1 wouldn't last. The original Greylisting
whitepaper states that the data suggested a mere 1 minute lockdown would
be nearly as effective as longer ones. But because they expected spamware
to improve, they recommended a 1 hour timeout.
#2 still has potential. By combining sufficiently slow greylisting with
a sufficiently fast IP reputation service, spammers can still be
significantly hampered no matter how clever they are.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com