[Mimedefang] validating 'possibly forged' helo IP's?

David F. Skoll dfs at roaringpenguin.com
Thu Jan 12 12:34:56 EST 2006


Kevin A. McGrail wrote:

> This is a good point that you aren't bouncing the email for this, just
> tempfailing for grey listing purposes.  I wonder for how much longer
> greylisting will be effective though.  I figure ratware will eventually have
> to figure it out, no?

Greylisting will continue to be effective for the following reasons:

1) If ratware does *not* adapt to greylisting, then obviously greylisting
will continue to work.

2) If ratware *does* adapt to greylisting, then the sender of a given spam
will be "pinned" to a given IP address for some minutes or hours, thereby
giving DNS-based RBLs more time to catch up.

Both prongs of this pincer movement are necessary for greylisting to really
work well.

"But," you object, "if everyone uses greylisting then submissions to DNS-based
RBLs will likewise be delayed and we're back to square one!"

The answers are that (a) honeypot systems won't use greylisting, and (b)
if you greylist after the final "." (as our commercial products do), you
can still run automated analyses of message content and report obvious spam
to DNS-based RBLs.

(We greylist after "." so as not to break certain nameless substandard
commercial SMTP implementations.  No, M$ Exchange is *not* guilty in this
case!)

Regards,

David.
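
[Added example, not part of the original post and not MIMEDefang or Roaring Penguin code: a small Python simulation of the argument above, with the greylist decision taken after the final "." so that content is available for reporting. The delay, the RBL propagation lag, the spam test, and all addresses are constructed assumptions.]

```python
# Added illustration: greylisting decided after end-of-DATA, with an RBL lookup on retry.
# All names, addresses and timings below are constructed for the example.
GREYLIST_DELAY = 300          # seconds a new triplet must wait (assumed value)

class SimulatedRBL:
    """Stand-in for a DNS-based RBL: maps IP -> time the listing became visible."""
    def __init__(self):
        self.listed_at = {}
    def report(self, ip, now, lag=120):
        # Listings take time to propagate; 'lag' models that (assumed value).
        self.listed_at.setdefault(ip, now + lag)
    def is_listed(self, ip, now):
        return ip in self.listed_at and now >= self.listed_at[ip]

class Greylister:
    def __init__(self, rbl, looks_like_spam):
        self.rbl = rbl
        self.looks_like_spam = looks_like_spam
        self.first_seen = {}   # (ip, sender, recipient) -> time of first attempt

    def end_of_data(self, ip, sender, rcpt, body, now):
        """Decide once the whole message has been received (after the final '.')."""
        if self.rbl.is_listed(ip, now):
            return "REJECT"
        key = (ip, sender, rcpt)
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            # We have the content, so obvious spam can be reported while we tempfail.
            if self.looks_like_spam(body):
                self.rbl.report(ip, now)
            return "TEMPFAIL"
        return "ACCEPT"

def run_scenarios():
    rbl = SimulatedRBL()
    g = Greylister(rbl, lambda body: "cheap pills" in body.lower())
    spam, ham = "Buy CHEAP PILLS now", "Minutes of Tuesday's meeting"
    out = {}
    # Legitimate MTA: tempfailed, then retries from the same IP after the delay.
    out["ham_first"] = g.end_of_data("192.0.2.10", "a@example.org", "u@example.net", ham, 0)
    out["ham_retry"] = g.end_of_data("192.0.2.10", "a@example.org", "u@example.net", ham, 600)
    # Ratware that adapts: it must retry from the same IP, which is listed by then.
    out["spam_first"] = g.end_of_data("198.51.100.7", "x@example.com", "u@example.net", spam, 0)
    out["spam_retry"] = g.end_of_data("198.51.100.7", "x@example.com", "u@example.net", spam, 600)
    # Ratware that switches IP on retry only starts a fresh greylist window.
    out["spam_new_ip"] = g.end_of_data("203.0.113.9", "x@example.com", "u@example.net", spam, 600)
    return out
```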


