1 |
On Sunday 06 September 2009 02:16:23 Stroller wrote: |
2 |
> > Why hasn't greylisting been mentioned? I greylist and it ends up |
3 |
> > blocking at least 99% of spam in my experience. |
4 |
> |
5 |
> There are some disadvantages to greylisting mentioned here: |
6 |
> |
7 |
> http://en.wikipedia.org/wiki/Greylisting#Disadvantages |
8 |
> |
9 |
> I think there may be an issue whereby if greylisting is widely |
10 |
> implemented & deployed against zombies then the zombies will just be |
11 |
> written to be RFC-compliant. :( |
12 |
> |
13 |
|
14 |
greylisting currently works quite well. As with all things where you try to |
15 |
block someone who'd like to not be blocked, there are trade offs between cost, |
16 |
effort and effectiveness. Right now, greylisting still gives a decent bang for |
17 |
the buck. |
18 |
|
19 |
Eventually the zombies will be RFC compliant. Spam authors are somewhat slow |
20 |
to catch on but someone will write such a bot and the script kiddy spammers |
21 |
will use it. Then we'll counter with something else and the merry go round |
22 |
continues. |
23 |
|
24 |
The basic problem is that SMTP is fundamentally broken and cannot be fixed |
25 |
when abused. It is also fundamentally almost perfect and does not need |
26 |
tweaking when used <sigh> |
27 |
|
28 |
These two things are irreconcilable. |
29 |
|
30 |
|
31 |
-- |
32 |
alan dot mckinnon at gmail dot com |