Slightly OT: Greylisting success or failure stories?

Scot L. Harris webid at cfl.rr.com
Thu Feb 3 22:17:14 UTC 2005 

On Thu, 2005-02-03 at 16:28, David Hoffman wrote:
> On Thu, 03 Feb 2005 16:09:07 -0500,
> replies-lists-redhat at listmail.innovate.net
> <replies-lists-redhat at listmail.innovate.net> wrote:
> > as someone who has had responsibility for large, time-sensitive,
> > mailings, i think that greylisting is bad. it pushes a high resource
> > cost back on the (legit) sender. while it may reduce the amount of spam
> > you get, it basically doesn't change the spammer's costs. also, since
> > they are dealing with percentages, that the one message to you doesn't
> > get delivered does little in terms of their effectiveness.
> >
> > i have found that using dnsbl to block acceptance from dynamic
> > ipaddress assignments and open relays, along with a well-tuned
> > spamassassin implementation basically rids my mailboxes of spam. in the
> > end i get max 1 untagged spam delivered to my mailbox per day -- for an
> > e-mail address that has been in public use for about 10 years.
> >
> 
> Thank you --- whoever you are (unnamed account), for your comments.
> 
> I do agree that with time sensitive situations greylisting could
> certainly be problematic. Fortunately, for this particular box, there
> is nothing time sensitive about any of the communications. Most of it
> is casual e-mails, and friend/family stuff. So I don't think that
> would be a major concern.
> 
> I do have one of my accounts protected by DNSBL and TMDA. Since March
> of 2003, only 8 pieces of spam have gotten through, and in the first
> year of that configuration, logs showed that over 89000 spam mails
> were blocked.
> 
> I guess what I was hoping for was that by using greylisting, some of
> those 89000 messages could have been managed with less resources than
> DNSBL or TMDA would have used.

Greylisting does reduce the resources needed to handle spam.  Assuming
conservatively spam makes up 70% of the inbound email, greylisting only
looks at the envelope of the message as it comes in, sender, recipient,
and the IP address, it then sends the 451 status back unless the message
has been whitelisted or autowhitelisted.  The body of the message for
most spam is never received.  And you don't incur the over head of
spamassassin to analyze the message let alone any additional network
queries you have to do for some RBLs.  I would still have spamassassin
in the mix, it is an excellent backstop for greylisting.

And yes for time sensitive mailings this could pose a problem.  However
I contend that if you have such time sensitive mailings that most likely
it is with known associates and thus they should be whitelisted.  Of
course your organizations tolerance may be different.  Email should not
be considered IM.  There are other tools for IM type communications.

And if more people successfully blocked 99% or better of the spam sent
out it would eventually impact the spammers in the cash flow.  You are
correct, we need to make spamming unprofitable.  But the only way I know
to do that is to track down the 1 or 2% of the computer users in the
world that think buying stuff from an unsolicited email is a good idea. 
Other than hunting them down and taking their computers away from them I
don't know how to stop that.   

-- 
Scot L. Harris
webid at cfl.rr.com

Small is beautiful.

More information about the fedora-list mailing list