On Sun, 2005-02-06 at 15:54 -0700, Craig White wrote:
> On Sun, 2005-02-06 at 14:40 -0600, Jay Moore wrote:
> > AFAIK, all greylisting implementations use pretty much the same logic:
> > if the tuple (ip addr, from:, to:) is not in the "whitelist", return a
> > tempfail (450). A server is automatically "whitelisted" if he tries the
> > same tuple after a designated time has elapsed (e.g. 30 minutes). It is
> > effective apparently 'cause most spammers don't retry their connections.
> ---
> the entire point of spam is low cost. If the 'cost' is raised, it makes
> it less attractive. If a spam server has to keep retrying connections
> (the tempfail), it becomes expensive and reduces the amount of mail
> xfers that any one computer or server can deliver.
>
Makes perfect sense but whoever said that spammers were sensible? I took
control of what has been a dormant domain for eight months. For eight
months the MX record has pointed to a dead URL. I restored the site and
decided to direct the MX record to a virtual domain on postfix.
After eight months, the same nitwits were still spamming, the instant
that the new MX was propagated, to the tune of 3,000 emails per day to
former employees. A timeout on a dead link is as expensive as it gets.
You won't exact revenge on spammers; You won't deter them either. The
only reasonable approach is to reject as much of their mail as you can.
The most effective tools are those that consume the fewest resources,
rejecting as much spam as possible with the fewest false positives.
> The most effective tools have always revolved around 'tar pits' of some
> kind, designed to elevate the cost of delivery. Managing one of these
> tar pits has a cost too, as you must have some backend database to
> handle the the tuple attempts and whitelisting or even blacklisting. The
> cost however seems insignificant compared to the cost of checking each
> and every one with spamassassin.
>
> Craig
--
Total Quality Management - A Commitment to Excellence
Fight Spam: http://tqmcube.com/rbldnsd.htm
