[Mimedefang] Justifying greylisting to management

David F. Skoll dfs at roaringpenguin.com
Sun Feb 26 10:48:52 EST 2006

Kevin A. McGrail wrote:

> In my testing, I found that greylisting had too many false-positives
> causing important and even critical mail to be unacceptably delayed.

Really?  That's quite the opposite of my experience.

Greylisting is good IF you turn off greylisting for hosts known to retry
(we do that for 40 days: If a host retries, we no longer greylist that host
for 40 days.)

That greatly reduces delays because mail servers that you often correspond
with quickly move on to the "do not greylist" list.

However, many of our customers expect e-mail to work like instant
messaging, and disable greylisting.  That's their choice, but it's too bad.

> I specifically found that large companies and universities were not able
> to handle queued mail and/or even instituted mail retry periods as high
> as 24 hours.

I found that with a small number of providers, but it hasn't been a problem
for me. :-)

> However, I've also been surprised somewhat that spammers haven't reacted
> to greylisting still.  I thought the technique would be invalid by now
> because the minute ratware/malware starts properly following the 4xx
> rules, the technique is from my understanding, null and avoid.

To react properly to greylisting means staying "pinned" to the same IP
for a long(er) period of time, making it more likely that the IP
address will appear in a DNS-based RBL.



More information about the MIMEDefang mailing list