Re: Slightly OT: Greylisting success or failure stories?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

----- Original Message ----- From: "Craig White" <craigwhite@xxxxxxxxxxx>
To: <jaymo@xxxxxxxxxxxxxxx>; "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Sent: Sunday, February 06, 2005 4:54 PM
Subject: Re: Slightly OT: Greylisting success or failure stories?


On Sun, 2005-02-06 at 14:40 -0600, Jay Moore wrote: 
AFAIK, all greylisting implementations use pretty much the same logic:
if the tuple (ip addr, from:, to:) is not in the "whitelist", return a
tempfail (450). A server is automatically "whitelisted" if he tries the
same tuple after a designated time has elapsed (e.g. 30 minutes). It is
effective apparently 'cause most spammers don't retry their connections.

---
the entire point of spam is low cost. If the 'cost' is raised, it makes
it less attractive. If a spam server has to keep retrying connections
(the tempfail), it becomes expensive and reduces the amount of mail
xfers that any one computer or server can deliver.

But the vast majority of spam comes from spambots or open relays - these don't cost the spammers a penny, and they don't care about quality of delivery.

The most effective tools have always revolved around 'tar pits' of some
kind, designed to elevate the cost of delivery. Managing one of these
tar pits has a cost too, as you must have some backend database to
handle the the tuple attempts and whitelisting or even blacklisting. The
cost however seems insignificant compared to the cost of checking each
and every one with spamassassin.

I have looked at tarpits, and in my opinion, they don't really do any good. Almost no spam traffic actually comes from the spammers. It comes from bots or something like that. While tarpitting might slow an insignificant amount of the spam down, I don't think it's enought to make it worth the hassle of setting up the tarpit.

Spammers are also pretty retarded - I've got an e-mail address that I stopped using over 4 years ago. I still own the domain, though, and there is an MX record for it. I am amazed to see that this old e-mail address which has been inactive for over 4 years still gets several *hundred* spam messages a day. The address wound up on some address list which has been sold and resold between spammers for years. They don't care that the addresses are no good.

Thomas

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux