James Fidell wrote: > Aleksandar Milivojevic wrote: > > >> In short, while greylisting reduces spam significantly, be prepared that >> it's not trouble-free solution. Be prepared to implement workarounds >> for troublesome sites (boils down to some sort of whitelisting). Your >> users don't care that MTA on the sender's side is broken. They want to >> exchange emails, and the intial delay introduced by greylisting is >> already annoying enough for them (for some even more annoying than spam). >> > > Very true. One of the reasons I only greylist based on the sbl/xbl is > to avoid some of the problems you list. I also use a whitelist of sites > known to have problems with greylisting elsewhere in my spam filtering. > It's never going to be a perfect solution though. > > >> As more sites implement greylisting, spammers are more likely to start >> retrying addresses they got 4xx. I already see more and more spammers >> doing this. This makes gerylisting a "temporary solution" that works >> now. In future it will be less and less effective. >> > > Quite so. It will still slow them down, but given the resources they > have access to, probably not very much. Combining it with teergrubing > may help, too, but things will just escalate :( > > James > Teergrubing/tarpitting is actually a technology I am most interested in. Maybe allow 0.1k/sec flow in. It's not one that alone, as in just my mailservers, would have a lot of effect... but if it were used by many systems, this could drastically reduce the flow of spam. It could be done at varying levels, such as only on SpamHaus sbl/xbl... and then perhaps on local rules created adding those new boxes/IP addresses which show up each day. To me, it also seems this has the potential of tying up the compromised computers to the point where the owner/user might realize that they must do something about 'this slow computer'. I don't think my users would be too happy with greylisting, unless it was done only on blocklist, as they have come to enjoy the immediate delivery of email. Also, greylisting has the potential of hurting other ISPs, clogging their systems, just because they signed up a few 'stupid users' who got the latest virus/trojan. If you think back to some of the more successful viruses, mailservers everywhere suffered with many choking and going down. Adding to their mail queues isn't so nice. I do believe that the bulk of spam is still coming from compromised systems... or for sure the bulk of the troublesome spam. We subscribe to SpamHaus and that's the only blocklist I really trust. Our business is primarily in the lodging industry and the internet is responsible for around 80% of their bookings. No false positives is of utmost importance. Another way to fight spam is to keep up with those networks that seem to invite spammers. Someone mentioned AOL as doing a great job. I have to agree. Yes, I've had my moments of frustration, but.... we have cures. I also much commend Earthlink and as of lately, Comcast. Only about a year ago Comcast was the largest spammer in the world. They joined in with what many providers agreed to as 'good email practices' and since April of this year have moved out of the top ten. Verizon!!!! Boycot Verizon... turn in your cell phone, dump your DSL, change your T1 provider... Verizon is now by far the largest spamming network in the world. During a recent conference call between one of my clients and a Verizon Wireless technician, I discovered that their stance is "We provide a connection to the internet period." And the bottom line is they don't care if their network is being abused, don't care if a spammer is landing their other clients on blacklists... and seem to simply be turning their heads... selling connections to absolutely anyone for any use/abuse. Hurt them in the billfold.... they'll put an end to it. They have known spammer issues which go back as far as February of 2002! John Hinton