Aleksandar Milivojevic wrote:
In short, while greylisting reduces spam significantly, be prepared that it's not trouble-free solution. Be prepared to implement workarounds for troublesome sites (boils down to some sort of whitelisting). Your users don't care that MTA on the sender's side is broken. They want to exchange emails, and the intial delay introduced by greylisting is already annoying enough for them (for some even more annoying than spam).
Very true. One of the reasons I only greylist based on the sbl/xbl is to avoid some of the problems you list. I also use a whitelist of sites known to have problems with greylisting elsewhere in my spam filtering. It's never going to be a perfect solution though.
As more sites implement greylisting, spammers are more likely to start retrying addresses they got 4xx. I already see more and more spammers doing this. This makes gerylisting a "temporary solution" that works now. In future it will be less and less effective.
Quite so. It will still slow them down, but given the resources they have access to, probably not very much. Combining it with teergrubing may help, too, but things will just escalate :(
James