On Tue, 14 Oct 2008, Stuart D. Gathman wrote:
On Tue, 14 Oct 2008, David MacQuigg wrote:
What do you think of Michael's suggestion to make the minimum really long?
Not feasible. Users have enough trouble accepting a 5 minute delay.
"Ok - I sent you an email. Did you get it? No. Hmmm. Let me try again.
Did you get that one. No? Is your email working? ... "
Five minutes is way too short. If you really can't increase the minimum
beyond that, you'll have to resign yourself to the eventual uselessness of
your greylisting implementation. All you'll catch are the spammers with
old software, and perhaps ones that apply a one-size-fits-all retry
schedule that does not exploit your wide window.
Will that avoid the "weak antibiotic" problem?
Only if the delay is 4 days - to make the spammers actually pay for
their throwaway domains. That certainly won't fly.
Four days is obviously unreasonable. But a shorter time, on the order of
hours, should be enough for automated blacklists (eg: Spamcop, XBL,
UCEPROTECT) to react to the spammer's initial run, spiking his attempt at
a follow-up run to hit the greylist-protected addresses. Remember, he has
to use the *same zombies* for the follow-up run in order to pass
greylisting.
The optimal lockdown time would depend on the reaction time of the
blacklists you use. I'm not sure what that is, but it would be
straightforward enough to research.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com