
In message <20060214230142.GZ26689(a)citylink.co.nz>, Simon Blake writes:
> We've been using greylisting here for the last six months, and it's made a huge difference to the amount of noise [.... through other filters ....] I would set your timeout to be really low - 15 seconds would be as effective as 30 minutes, as far as I can see.

I can't help wondering how long this beneficial effect of greylisting will last. It's not _that_ difficult for a spammer to ask their purchased botnet to run its spam list twice. Worst case they need twice as many bots. It's not like it's hard to buy 0wn3d machines these days. Those with greylisting enabled get the message once; those without may well get it twice. Bonus.

If greylisting becomes relatively common that's exactly what I'd expect spammers to do. And viruses to do. (Viruses can simply follow the same PRNG or discovered list twice. Perhaps 30-60 minutes apart. Not much extra work, for much more effectiveness.)

So what do we do next? Defer twice before accepting? Give up on greylisting? And then get two copies (or three copies)?

Seems to me that the end result of this particular "arms race" is that mail delivery gets permanently delayed (since no one can "safely" turn off greylisting without getting multiple copies of the junk), and we end up no further forward on the spam/virus problem.

Not that I really see an option which doesn't end up "email becomes even more useless" over a relatively short period of time. Frankly I'm amazed it's lasted this long. We've had 5+ years of what is effectively a sustained denial-of-service attack on email.

Ewen
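
The trade-off discussed in this message can be checked with a small greylist model. This is an added example, not part of the original message or of any mail server's code. It assumes the usual greylisting key of (client IP, envelope sender, recipient); the `Greylist` class, the `delivered` helper, the addresses and the retry schedules are all constructed for illustration.

```python
from dataclasses import dataclass, field

TEMPFAIL, ACCEPT = "451 try again later", "250 ok"

@dataclass
class Greylist:
    min_delay: int = 15          # seconds a retry must wait to count
    required_deferrals: int = 1  # 2 models "defer twice before accepting"
    seen: dict = field(default_factory=dict)  # triplet -> [deferrals, last deferral time]

    def check(self, ip, sender, rcpt, now):
        key = (ip, sender.lower(), rcpt.lower())
        entry = self.seen.get(key)
        if entry is None:                 # first contact: always defer
            self.seen[key] = [1, now]
            return TEMPFAIL
        count, last = entry
        if now - last < self.min_delay:   # retried too soon: does not count
            return TEMPFAIL
        if count >= self.required_deferrals:
            return ACCEPT
        self.seen[key] = [count + 1, now]
        return TEMPFAIL

# Constructed sample triplet (documentation address ranges).
TRIPLET = ("192.0.2.10", "a@example.org", "b@example.net")

def delivered(greylist, attempt_times, triplet=TRIPLET):
    """Return the time (seconds) of the accepted attempt, or None."""
    for t in attempt_times:
        if greylist.check(*triplet, now=t) == ACCEPT:
            return t
    return None

if __name__ == "__main__":
    queueing_mta = [0, 300, 900, 1800]   # constructed retry schedule
    one_shot, two_pass = [0], [0, 2700]  # second pass 45 minutes later
    for name, gl in [("15s", Greylist(15)), ("30min", Greylist(1800)),
                     ("defer twice", Greylist(15, 2))]:
        print(name,
              "one-shot:", delivered(Greylist(gl.min_delay, gl.required_deferrals), one_shot),
              "two-pass:", delivered(Greylist(gl.min_delay, gl.required_deferrals), two_pass),
              "queueing MTA:", delivered(gl, queueing_mta))
```

A sender that never retries is blocked at either timeout, a second pass 45 minutes later is accepted at either timeout, and raising the deferral count only delays the queueing MTA further while a third pass still gets through.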