Ed Greshko wrote: > You said, "Retries may come from any of those computers" and this is an > incorrect statement. While a major provider has many systems sending out > emails when an individual email is placed in the queue of a sending system > it stays in that system's queue. I replied: > For many > major senders, what you right is absolutely true. I maintain that it is > not universally true, and there are some major exceptions. > > I understand that a number of major senders (who have their own, > custom-written SMTP engines) do resend from different servers. There is > a fair amount of evidence to support this: > > http://www.merakmailserver.com/forum/Greylisting_Bypass_Info/m_1441/tm.htm > http://en.wikipedia.org/wiki/Greylisting makes this point. > http://www.dataenter.co.at/doc/xwall_greylisting_exclusions.htm Ed replied: > Sorry, I don't consider those "evidence" since they are merely statements by > some individuals. <snip> > If you really want evidence, I'll send you my logs and you can see for > yourself. What would that show? I'm attempting to show that it does happen in general, not that it happens to you. The non-spam e-mail that people get is different. If you don't get e-mail from those major senders, then you won't see the phenomenon in your logs. Good! That means greylisting works especially well for you. (It *may* just also be that your greylisting software handles this automatically for you -- what are you using, by the way?) It sounds as though I'm going to have to come up with logs from people who use greylisting who have seen retries from different servers. Would enough examples of that convince you? Or are you essentially unconvinceable on this point unless you see it in your own logs? Part of the problem is that these logs are necessarily going to look anecdotal. Part of the problem is that I'm going to have to rely on logs other people have posted. http://midori.shacknet.nu/OpenSourceProjects/Setting_up_Greylisting_with_Sendmail_v1.2.html#Disadvantages_with_Greylisting shows eleven different addresses that Paypal is using to send one message. http://forum.powweb.com/archive/index.php/t-38837.html includes greylisting logs: hawkers@xxxxxxxxxxx 68.99.120.72 hawkers@xxxxxxxxxxx 68.99.120.69 hawkers@xxxxxxxxxxx 68.99.120.71 hawkers@xxxxxxxxxxx 68.99.120.68 You can see there that the same e-mail from the same individual (the poster's mother) was retried from four different, similar IP addresses. But then, they're excerpts of logs "from some individual". How much Googling do you want me to do? Ed wrote: > So, greylisting is a good thing to implement. Maybe I should have clarified my position, then. Greylisting is a good and valid anti-spam practice that has a few downsides. That's fair enough -- every anti-spam practice has a few downsides. Greylisting has comparatively few downsides -- many have a lot more. It also has a number of upsides that we haven't mentioned[1]. If I've been discussing the downsides of greylisting, that merely means I'm interested in the technicalities. Depending on the particular situation, the best combination of spam techniques may not involve greylisting (because the downsides are greater and the benefits less than for another I wrote: > But I am seeing some evidence that a few spammers are retrying even on > 5xx permanent rejects (for example, identical e-mails, down to To: From: > and Message-ID: fields, from the same IP address). Ed asked: > So, you are now making a case for a blacklist. Yes? No. I'm making an observation that a few spammers' practices are changing in a way that would defeat greylisting. What we *do* about that is another question. It certainly doesn't make greylisting worthless, and won't do unless most spammers change. James. [1] Spammers using "real" MTAs that do retry may not be on DNSBLs the first time they try sending a spam, but have found their way onto automated DNSBLs by the time the greylist time-out has expired. In this case, the greylist is effectively delaying mail until the sender's had a chance to get themselves caught by the spamtraps. -- E-mail: james@ | And the cuckoo isn't cooing, aprilcottage.co.uk | But he's cucking and he's ooing, | And a Pooh is simply pooh-ing | Like a bird. -- 'Noise', by Pooh
