[Mimedefang] greylisting

Alan Madill amadill at hwy16.com
Tue Nov 25 01:06:23 EST 2003


> I implemented greylisting on the 23rd.
> (read the archives if you're wondering what greylisting is.)
> And I am just completely amazed at how effective it is at bouncing spam,
> and also dropping the load on my mail server.

The original article said that greylisting was effective on short time 
limits but they thought that it could be circumvented by the spammer 
trying another delivery right away.  Could the time delay be 
randomized? 90% in 10 minutes, 5% in 4 hours.

I can think of a lot of situations where an email is expected right 
away.  A 4 hour delay waiting for the filter to allow the mail through 
would not be acceptable.  You would have to have a means to 
provide the recipient a way to whitelist the email in advance, or

The greylist stores a unique key that identifies the sender and 
receiver.  If the bounce message contained a link to an active web 
page where the sender could request to a probationary whitelist 
then it could require the sender to uniquely identify themselves.

A sample dialogue..

sender at source.net sends message to recip at dest.net

mail gets temp greylisted.

mailer at dest.net bounces with a tempfail with a message like...

As part of our spam defense your message has been delayed.  If 
you wish to re-send your message you can bypass the delay by 
providing some identifying information at 
http://defense.myisp.net/indentify.php/12345678ID .

The link is a key to the greylist entry.  The web page could ask for 
any number of identifiers. It could ask for an email confirmation or a 
country code to be compared to netblock lookup.  Some of the 
questions could be complete BS.  It should be complex enough to 
thwart an automated attack.

The sender identifies themselves.

They are temp-whitelisted.

The next resend goes through or they resend.

It's easy for the sender to authorize themselves.  The recipient 
should get a message stating that the request has been approved.  
They would also be able to permanently blacklist the sender by 
clicking on a link.

If a spammer had to manually accredit themselves with a site, they 
wouldn't bother.  A legitimate sender would not have a problem if it 
was a point click answer type of fix.

It still isn't a replacement for authentication at the MTA level.
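
Added example, not part of the original post and not MIMEDefang code: a sketch of the greylist entry, the link key sent in the tempfail text, and the probationary whitelist described above. The Greylist class, the inclusion of the connecting IP in the key, the HMAC-derived link id and the DELAY/PROBATION values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # per-site signing key (assumption)
DELAY = 600                       # assumed greylist delay: 10 minutes
PROBATION = 86400                 # assumed probationary whitelist lifetime: 1 day


class Greylist:
    def __init__(self):
        self.first_seen = {}      # entry key -> time of first delivery attempt
        self.whitelist = {}       # entry key -> probation expiry time

    @staticmethod
    def key(ip, sender, rcpt):
        # Unique key for the sender/receiver pair (plus connecting IP, an assumption).
        raw = "\0".join((ip, sender.lower(), rcpt.lower())).encode()
        return hashlib.sha256(raw).hexdigest()

    @staticmethod
    def token(key):
        # Unguessable value bound to one entry, so link ids cannot be enumerated.
        return hmac.new(SECRET, key.encode(), hashlib.sha256).hexdigest()

    def check(self, ip, sender, rcpt, now):
        """Decide one delivery attempt; returns (action, link_id or None)."""
        k = self.key(ip, sender, rcpt)
        if self.whitelist.get(k, 0) > now:
            return ("accept", None)           # sender identified themselves
        first = self.first_seen.setdefault(k, now)
        if now - first >= DELAY:
            return ("accept", None)           # ordinary greylist retry
        return ("tempfail", k + "." + self.token(k))

    def identify(self, link_id, now):
        """Called by the web page once the sender has answered its questions."""
        k, _, tok = link_id.partition(".")
        if k not in self.first_seen:
            return False                      # no such greylist entry
        if not hmac.compare_digest(tok.encode(), self.token(k).encode()):
            return False                      # forged or altered link
        self.whitelist[k] = now + PROBATION
        return True
```

The link id returned by check() would be appended to the URL in the tempfail text; the questions the web page asks before calling identify() are outside this sketch.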


