Greylisting -- Was: Anti Spam

Bart Silverstrim bsilver at chrononomicon.com
Mon Apr 30 19:16:46 UTC 2007 

On Apr 30, 2007, at 6:19 AM, cpghost wrote:

> On Mon, Apr 30, 2007 at 01:16:23AM -0700, Ted Mittelstaedt wrote:
>> The system that would cause problems if it ran
>> greylisting is not MY system.  It's the mailserver owned by the  
>> cellular
>> company that I am sending to.   If they went and installed  
>> greylisting
>> it is highly unlikely I could get them to whitelist me.  (have you
>> ever, for example, tried to get a system off AOL's internal  
>> blacklist?)
>
> Yes, that's indeed a problem; but how likely would that be?
> Cellular operators know that their clients expect speedy
> delivery of SMS, including those sent via SMTP. They know
> better than to introduce greylisting latency at the gateway
> when there's already normal latency at the SMSC.
>
> Have you confirmed with your cellular operator that they
> don't offer additional gateways; e.g. based on ICQ, HTTP
> and whatnot? Most likely, they don't offer SMPP-over-TCP
> connections to end-users ( http://www.smsforum.net/ ),
> but probably to a couple of third-party providers that
> you could use instead?

This won't work because you're suggesting he change the system he  
likes.  No matter what, greylisting to him is apparently impossible  
because users need their email as an instant messaging service.  The  
possibility of establishing a domain into a whitelist or testing a  
connection and notification system periodically, which would put his  
domain into their imaginary whitelist, is simply too inconvenient,  
unlike the deletion of spam that a greylist could have prevented  
coming into my inbox.  That apparently isn't inconvenient or annoying  
in the least.

I apparently hold the wrong view.  I think greylisting is still a  
pain in the butt for spammers.  It causes mail servers to have to  
take the time to retry email, something spammers don't like wasting  
time doing. If they're doing something to spoof connections then the  
mail would not even retry because it's going to an illegitimate or  
nonexistent mail server.  But none of this is possibly even a  
percentage of help for your mail server.  Apparently the extra layers  
to try slowing or easing the load on your server is a waste because  
it's *possible* to bypass it without resorting to math magic like the  
stats poisoning used against SpamAssassin now.

For me, I want to slow their servers and waste their resources, just  
like they waste my CPU and storage space.  I don't use email as an IM  
service nor do I use it as a critical availability service without  
investing lots and lots of money on redundancy, so I don't see the  
problem with companies using greylisting.

More information about the freebsd-questions mailing list