amadill at hwy16.com
Tue Nov 25 01:06:23 EST 2003
> I implemented greylisting on the 23rd.
> (read the archives if your wondering what greylisting is.)
> And I am just completelly amazed at how effective it is at bouncing spam,
> and also dropping the load on my mail server.
The original article said that greylisting was effective on short time
limits but they thought that it could be circumvented by the spammer
trying another delivery right away. Could the time delay be
randomized? 90% in 10 minutes, 5% in 4 hours.
I can think of a lot of situations where an email is expected right
away. A 4 hour delay waiting for the filter to allow the mail through
would not be acceptable. You would have to have a means to
provide the recipient a way to whitelist the email in advance. or
The greylist stores a unique key that identifies the sender and
reciever. If the bounce message contained a link to an active web
page where the sender could request to a probationary whitelist
then it could require the sender to uniquely identify themselves.
A sample dialogue..
sender at source.net sends message to recip at dest.net
mail gets temp greylisted.
mailer at dest.net bounces with a tempfail with a message like...
As part of our spam defense your message has been delayed. If
you wish to re-send your message you can bypass the delay by
providing some identifiying information at
The link is a key to the greylist entry. The web page could ask for
any number of identifiers. It could ask for an email confirmation or a
country code to be compared to netblock lookup. Some of the
questions could be complete BS. It should be complex enough to
thwart an automated attack.
The sender indentitfies themselves.
They are temp-whitelisted.
The next resend goes through or they resend.
It's easy for the sender to authorize themselves. The recipient
should get a message stating that the request has been approved.
They would also be able to pernamently blacklist the sender by
clicking on a link.
If a spammer had to manually accredit themselves with a site, they
wouldn't bother. A legitimate sender would not have a problem if it
was a point click answer type of fix.
It still isn't a replacement for authentication at the MTA level.
More information about the MIMEDefang