Greylisting -- Was: Anti Spam
bsilver at chrononomicon.com
Mon Apr 30 19:08:01 UTC 2007
On Apr 30, 2007, at 4:36 AM, Ted Mittelstaedt wrote:
> I don't understand why people are focusing on trying to redesign
> the monitoring system I'm using. Don't you have any imagination
> at all? The point was that there are legitimate situations where
> the delays introduced by greylisting are a problem. I used the
> monitoring system as an example to make it easy to grasp the
> point. If it would help, I'll stop talking about it and use another
Probably because if this is truly a mission-critical if it fails
you're going to lose your business type system, there would be more
redundancy than just relying on an email to your cell provider, because:
A) greylisting by it's nature will not block you or delay you if
you're legit and are registered legit
B) what happens when your cell is out of range, off for some reason,
fell in the toilet, broken, etc.
C) what guarantee do you have your cell phone will be always working
100% of the time
D) what if your monitoring system fails because something blocks or
breaks email, period
You're making it sound as if greylisting is a terrible idea because
once your failure system won't notify you for some unspecified period
of time. I, and others most likely, are saying that it wouldn't take
much for you to get it working just fine whether the cell carrier
used it or not. And even then, you haven't made a case that ISPs or
businesses still couldn't use it...the inconvenience you point out
still could be worked around simply by doing what I suggested before,
registering legit by periodically sending a quick message, and if you
get "charged" for a short short message like that, then you probably
need a new cell plan if that is pushing you over your free time, or
start having your employer compensate you for using your personal
equipment for business use.
> Sure, it's possible to modify the greylist to whitelist.
I thought most did. That was part of the way they work.
> implies that the sender knows greylisting is happening, knows
> how to get the recipient to whitelist, it implies the recipient
> is even willing to whitelist, etc.
What greylist program are you using? As I recall systems I've seen
like Postgrey automatically track connections and after a certain
number of connections will whitelist them, as they would be
established as legitimate and, contrary to what your arguments make
them out, greylisters aren't there just to slow down everyone's
email. Once established, they let the email right through. You're
making it sound like it's a huge undertaking to get this ability up
> Imagine a cell company that puts in greylisting being deluged by
> 30% of their million-plus userbase requesting to be whitelisted
> for just the reason I cited. Do you think it would be realistic
> for the cell company to do this?
Realistically the userbase wouldn't really even know.
It's the SAME thing that would happen if your email server were
screwed up. Your mail server should retry within a sane period of
time. The vast majority of your imaginary userbase would probably
become whitelisted before they were even aware anything happened. If
the majority of those users are using a popular mail service, it's
not like 30,000 users are making 30,000 requests to their server.
The majority of those users are probably using addresses from
hotmail, gmail, etc...so if 10,000 were on hotmail, 15,000 were on
gmail, and 5,000 were on aol, what are the odds that there's not
already a load of traffic between those sites to the greylisting site?
More information about the freebsd-questions