Our current worry is that spammers will suddenly decide that greylisting is taking too much of a toll on their operations and rewrite their senders to include some crude queueing. Then we would have to handle nearly double the number of incoming messages. I believe that this could happen quite quickly and we would be left with heavily overloaded incoming mail servers, as it takes *at least* a month from order to deployment of new hardware. More realistically, two months, as these are not off-the-shelf components.
I have had 'nolisting' turned on for just 24 hours. A single day isn't a good sample, but if it is indicative, then I am going to be quite pleased with the result. Total inbound rejected by the MTAs over the last few months has been 98%. Yesterday, this dropped to 78%. That is a lot of DNS lookups that didn't need to be done, a lot of users that didn't need to be checked and a lot of content that didn't need to be examined, and hence a lot of resource I just got back.
I am not sure whether there will be any difference between an MTA handling hundreds of domains, as is the case with my trial, or one that handles only one. But if yesterday was anything to go by, I will be recommending we turn on 'nolisting' at Massey University as well!
A good result. The thing with spam that we all know, though, is there is no 'golden bullet' - all of these measures are merely interim mitigators; we should all expect the spammers to evolve and develop means of defeating these methods. (In other words, people should be prepared for the increases in load, etc., that are inevitable over time, and gear their boxes and upgrade plans accordingly.)

Mark.