James Wilkinson wrote:
> My point -- the standard recommends a retry interval of 30 minutes. That
> doesn't mean that a shorter interval doesn't follow the standard, merely
> that a longer retry period should be considered normal, according to the
> standard.

One could also say "a shorter retry period should be considered normal" as well. Better still, "it is normal that admins don't change the default settings of a given MTA". I think the use of the word "normal" requires a definition of what is "normal".

> Your point -- in practice, few MTAs follow the recommendation in their
> default configuration.

In actuality, my point is that the RFC only makes a recommendation by use of the keyword SHOULD and not all MTAs follow the recommendations.

>> You said, "Retries may come from any of those computers" and this is an
>> incorrect statement. While a major provider has many systems sending out
>> emails when an individual email is placed in the queue of a sending system
>> it stays in that system's queue.
>
> You pointed out "SHOULD", I'll point out "MAY" in my statement. For many
> major senders, what you write is absolutely true. I maintain that it is
> not universally true, and there are some major exceptions.
>
> I understand that a number of major senders (who have their own,
> custom-written SMTP engines) do resend from different servers. There is
> a fair amount of evidence to support this:
>
> http://www.merakmailserver.com/forum/Greylisting_Bypass_Info/m_1441/tm.htm
> http://en.wikipedia.org/wiki/Greylisting makes this point.
> http://www.dataenter.co.at/doc/xwall_greylisting_exclusions.htm

Sorry, I don't consider those "evidence" since they are merely statements by some individuals. The Wikipedia entry simply says "or if the retry comes from a different IP address than the original attempt" but it doesn't offer any proof that it does happen in reality. Also, the section this comes from has a disclaimer of "This does not cite its references or sources."

If you really want evidence, I'll send you my logs and you can see for yourself.

> I think we're pretty nearly saying the same thing -- the more
> greylisting is used, the greater the return on investment would be. If
> everyone used greylisting, then spambots would be worthless unless they
> learned to retry.

So, greylisting is a good thing to implement.

> It looks as though most e-mail providers who are likely to use
> greylisting already have it in place, and that most spammers either
> aren't collecting or analysing reject rates, or they reckon the extra
> complexity of retrying isn't worth the hassle.
>
> But I am seeing some evidence that a few spammers are retrying even on
> 5xx permanent rejects (for example, identical e-mails, down to To: From:
> and Message-ID: fields, from the same IP address).

So, you are now making a case for a blacklist. Yes?