| 1 |
On Sunday 06 September 2009 02:16:23 Stroller wrote: |
| 2 |
> > Why hasn't greylisting been mentioned? I greylist and it ends up |
| 3 |
> > blocking at least 99% of spam in my experience. |
| 4 |
> |
| 5 |
> There are some disadvantages to greylisting mentioned here: |
| 6 |
> |
| 7 |
> http://en.wikipedia.org/wiki/Greylisting#Disadvantages |
| 8 |
> |
| 9 |
> I think there may be an issue whereby if greylisting is widely |
| 10 |
> implemented & deployed against zombies then the zombies will just be |
| 11 |
> written to be RFC-compliant. :( |
| 12 |
> |
| 13 |
|
| 14 |
greylisting currently works quite well. As with all things where you try to |
| 15 |
block someone who'd like to not be blocked, there are trade offs between cost, |
| 16 |
effort and effectiveness. Right now, greylisting still gives a decent bang for |
| 17 |
the buck. |
| 18 |
|
| 19 |
Eventually the zombies will be RFC compliant. Spam authors are somewhat slow |
| 20 |
to catch on but someone will write such a bot and the script kiddy spammers |
| 21 |
will use it. Then we'll counter with something else and the merry go round |
| 22 |
continues. |
| 23 |
|
| 24 |
The basic problem is that SMTP is fundamentally broken and cannot be fixed |
| 25 |
when abused. It is also fundamentally almost perfect and does not need |
| 26 |
tweaking when used <sigh> |
| 27 |
|
| 28 |
These two things are irreconcilable. |
| 29 |
|
| 30 |
|
| 31 |
-- |
| 32 |
alan dot mckinnon at gmail dot com |
Archives