[Mimedefang] fade-to-black grey listing?

Gary Funck gary at intrepid.com
Tue Jan 20 16:23:53 EST 2004


Was watching the Spam Conf. webcast at
http://spamconference.org/
and there was a talk by Bill Yerazunis entitled "Beyond 99.9% accuracy",
and one idea that he mentioned was using information such as evidence
of dictionary attacks, or messages sent to a mail "land mine"
(honey pot) as a way of improving on the accuracy of spam determination.

Although not discussed directly, it seemed like this idea could be
combined with grey listing. The idea would be to hold off acceptance
from an IP/user that hadn't been previously recorded/validated long
enough to give time for additional mail to come in via either a honeypot,
or to determine that a dictionary attack is underway. Once it was
determined that the IP is being used to send spam, it could be black listed,
so that a subsequent attempt would be denied.

A couple of complications with this proposal: (1) since spammers are
increasingly using zombies running on unsuspecting DSL/dialup users' PC's,
it is quite possible for the spammer to fan out over several of these
intermediate PC's to make it difficult to single out one IP as an offender.
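
The policy proposed above, as an added Python sketch that is not part of the original post and is not MIMEDefang filter code. The hold time, the dictionary-attack threshold, the addresses and the class and function names are all assumptions chosen for illustration.

```python
HOLD_SECONDS = 300    # assumed greylist hold time
DICT_THRESHOLD = 3    # assumed: distinct unknown recipients before an IP is blacklisted

class FadeToBlack:
    def __init__(self, valid_rcpts, honeypots):
        self.valid, self.honeypots = set(valid_rcpts), set(honeypots)
        self.first_seen = {}   # (ip, sender, rcpt) -> time of first attempt
        self.unknown = {}      # ip -> unknown recipients it has tried
        self.blacklist = set()

    def check(self, ip, sender, rcpt, now):
        """Verdict for one RCPT TO: accept, tempfail, reject or trap."""
        if ip in self.blacklist:
            return "reject"
        if rcpt in self.honeypots:          # land-mine address: evidence of spam
            self.blacklist.add(ip)
            return "trap"                   # take the mail, remember the IP
        if rcpt not in self.valid:          # possible dictionary attack
            tried = self.unknown.setdefault(ip, set())
            tried.add(rcpt)
            if len(tried) >= DICT_THRESHOLD:
                self.blacklist.add(ip)
            return "reject"
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        # Hold new triplets; evidence gathered meanwhile turns grey into black.
        return "accept" if now - first >= HOLD_SECONDS else "tempfail"

# Constructed sample attempts: (time, ip, sender, rcpt)
SAMPLE = [
    (0,   "192.0.2.10",   "a@example.org", "gary@example.com"),  # new triplet
    (10,  "198.51.100.7", "x@example.net", "gary@example.com"),  # new triplet
    (20,  "198.51.100.7", "x@example.net", "trap@example.com"),  # hits honeypot
    (400, "192.0.2.10",   "a@example.org", "gary@example.com"),  # retry after hold
    (400, "198.51.100.7", "x@example.net", "gary@example.com"),  # retry, now black
]

def replay(events, policy):
    return [policy.check(ip, sender, rcpt, t) for t, ip, sender, rcpt in events]

if __name__ == "__main__":
    policy = FadeToBlack({"gary@example.com"}, {"trap@example.com"})
    for event, verdict in zip(SAMPLE, replay(SAMPLE, policy)):
        print(event, "->", verdict)
```

Because the evidence is keyed on a single IP, attempts spread thinly across many hosts stay under `DICT_THRESHOLD` on each one, which is complication (1) above.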



