Nathan Ward wrote:
Russell Fulton wrote:
But remember that grey listing is merely a stop gap measure as soon as spammers think that greylising is really hurting them they will rework their spam engines to handle retries -- it won't be that difficult, particularly since they don't have to queue whole messages, just a message id and 'sender' and recipient.
I think it's generally accepted that most (all?) anti-spam "solutions" are stop gap in some way, shape or form.
Definitely! What worries me particularly about grey listing is that, at the moment, it is *very* successful and hugely reduces the load on our servers. I have warned our management that they have to budget for more hardware for the mail system because if grey listing becomes ineffective then our current system could go under really quickly! We may not have much notice -- look at who got caught short by last years' rise in September ;) We survived that by implementing grey listing but not before one of our 4 MTAs was showing considerable signs of stress. What management really don't like is that we can not predict when it will happen nor how much notice we will get. My guess is that 80% of spam is generated by a handful of big players who use a small number of software packages to deliver their spam. I also guess that once one decides to start retrying then they will all follow suit in short order. We could see grey listing become largely ineffective in the space of a month or so. Even if we ordered the new hardware as soon as we thought there might be a problem we could not get it installed and set up before the existing system melted down. In actual practice we would probably steal time on some less loaded VM farms to run extra MTAs while we waited for new hardware to arrive but this may not be possible at some times of the year. Russell