[Mimedefang] early experiences with grey listing
David F. Skoll
dfs at roaringpenguin.com
Thu Jan 13 13:39:40 EST 2005
On Thu, 13 Jan 2005, Gary Funck wrote:
> Another question: How does CanIT (or other robust grey listing
> implementations) handle messages with no sender (ie, From <>)
> address?
I can't speak for other implementations, but CanIt treats <>
just like any other address.
> How do you distinguish between a call back to validate an
> address/mailer, and a spammer getting ready to jam its message
> through?
We don't make that distinction. I should note that by default,
CanIt defers greylisting until after the DATA phase. That's because
some badly-written SMTP software cannot handle the situation in which
all RCPT commands are tempfailed -- it sometimes causes the message to
actually bounce.
Because of this deferral, we do waste bandwidth because we wait until
the message has been transmitted, but on the other hand, we don't interfere
with address-checking callbacks. I'm also thinking about information
that you could extract from a greylisted message. For example, if
you save the message somewhere and wait for a few hours without seeing
a retransmission, then the message is almost certainly spam and you
can use the content of the message to train you Bayes database,
report to a URL blocklist, etc...
--
David.
More information about the MIMEDefang
mailing list