[Mimedefang] SURBL effectiveness and domain turnaround time
David F. Skoll
dfs at roaringpenguin.com
Tue Sep 7 20:15:34 EDT 2004
On Tue, 7 Sep 2004, Jeff Rife wrote:
> Today they aren't *too* bad, but most of what you are seeing are
> *very* "old" domains that just keep up the SPAM attack. In the
> future, though, it'll get worse as more and more servers think a
> good SPF record but no listing on a blacklist means "OK". As that
> happens, expect even faster turnaround on domain names.
Well, there is an absolute lower limit on the useful lifetime of a
domain. A spammer probably can't throw a domain away in much less
than 4-8 hours, because it takes that long to complete the spam run
and for victims to go check their mail. Although I check my mail
practically continuously when I'm at work, many people only check
their mail a few times a day. If SURBL can react within 15-30
minutes, it will still remain quite effective.
This is where greylisting can *really* help -- it gives the blacklists
a head-start before any mail gets accepted. If you greylist after the
DATA phase, your software still has a chance to peek at the message
before it gets delivered, and on a large site, this can be used to
aggregate likely spam URLs for submission into SURBL.
Regards,
David.
More information about the MIMEDefang
mailing list