[Mimedefang] Re: Justifying greylisting to management

David F. Skoll dfs at roaringpenguin.com
Mon Feb 27 13:21:11 EST 2006

Gary Schrock wrote:

> Hey David, any idea what percentage of the spam that's blocked this way
> would also end up blocked by spamassassin?

I would expect most of it, but I've never measured.

> Other than a resource issue in running SA, it would seem to me once
> you accept the data phase, if most of the stuff is going to be
> marked anyways, then at worst all you're doing is adding more tagged
> spam to the mix.

We use greylisting for a number of reasons:

1) It gives DNS-based RBLs a chance to catch up with spammers who stay on
a given IP address.  This makes it more likely that SA will catch the spam.

2) It's very cheap.

3) We are toying with the idea of auto-training greylisted messages that
are *not* retried as spam.  Basically, this lets us use spammer
behaviour to better detect spammer content.  We still haven't actually
done this yet, but it seems like it might be a good idea.



More information about the MIMEDefang mailing list