James Fidell wrote:
Aleksandar Milivojevic wrote:
In short, while greylisting reduces spam significantly, be prepared that
it's not trouble-free solution. Be prepared to implement workarounds
for troublesome sites (boils down to some sort of whitelisting). Your
users don't care that MTA on the sender's side is broken. They want to
exchange emails, and the intial delay introduced by greylisting is
already annoying enough for them (for some even more annoying than spam).
Very true. One of the reasons I only greylist based on the sbl/xbl is
to avoid some of the problems you list. I also use a whitelist of sites
known to have problems with greylisting elsewhere in my spam filtering.
It's never going to be a perfect solution though.
As more sites implement greylisting, spammers are more likely to start
retrying addresses they got 4xx. I already see more and more spammers
doing this. This makes gerylisting a "temporary solution" that works
now. In future it will be less and less effective.
Quite so. It will still slow them down, but given the resources they
have access to, probably not very much. Combining it with teergrubing
may help, too, but things will just escalate :(
James
Teergrubing/tarpitting is actually a technology I am most interested in.
Maybe allow 0.1k/sec flow in. It's not one that alone, as in just my
mailservers, would have a lot of effect... but if it were used by many
systems, this could drastically reduce the flow of spam. It could be
done at varying levels, such as only on SpamHaus sbl/xbl... and then
perhaps on local rules created adding those new boxes/IP addresses which
show up each day. To me, it also seems this has the potential of tying
up the compromised computers to the point where the owner/user might
realize that they must do something about 'this slow computer'.
I don't think my users would be too happy with greylisting, unless it
was done only on blocklist, as they have come to enjoy the immediate
delivery of email. Also, greylisting has the potential of hurting other
ISPs, clogging their systems, just because they signed up a few 'stupid
users' who got the latest virus/trojan. If you think back to some of the
more successful viruses, mailservers everywhere suffered with many
choking and going down. Adding to their mail queues isn't so nice.
I do believe that the bulk of spam is still coming from compromised
systems... or for sure the bulk of the troublesome spam. We subscribe to
SpamHaus and that's the only blocklist I really trust. Our business is
primarily in the lodging industry and the internet is responsible for
around 80% of their bookings. No false positives is of utmost importance.
Another way to fight spam is to keep up with those networks that seem to
invite spammers. Someone mentioned AOL as doing a great job. I have to
agree. Yes, I've had my moments of frustration, but.... we have cures. I
also much commend Earthlink and as of lately, Comcast. Only about a year
ago Comcast was the largest spammer in the world. They joined in with
what many providers agreed to as 'good email practices' and since April
of this year have moved out of the top ten.
Verizon!!!! Boycot Verizon... turn in your cell phone, dump your DSL,
change your T1 provider... Verizon is now by far the largest spamming
network in the world. During a recent conference call between one of my
clients and a Verizon Wireless technician, I discovered that their
stance is "We provide a connection to the internet period." And the
bottom line is they don't care if their network is being abused, don't
care if a spammer is landing their other clients on blacklists... and
seem to simply be turning their heads... selling connections to
absolutely anyone for any use/abuse. Hurt them in the billfold....
they'll put an end to it. They have known spammer issues which go back
as far as February of 2002!
John Hinton
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
