Re: greylisting on debian.org?
Wouter Verhelst <firstname.lastname@example.org> writes:
> Greylisting already exists. This would just make it _less_ of a problem.
> By greylisting from /27 netblocks, you wouldn't block any additional
> mail as opposed to greylisting in general; quite to the contrary.
Yes, I understand. What I'm saying is that the confining the
graylisting to /27 netblocks instead of per-host, while an
improvement, is not enough of an improvement for me to say, "yes, what
a wonderful idea graylisting is." Or rather, it *is* a wonderful
idea, but I believe that conforming to network protocols is an even
more wonderful idea.
When you say "graylisting already exists", you seem to be ignoring the
possibility that we could have no graylisting. It's not like we are
somehow obliged to choose a graylisting "solution".
> Greylisting in this manner does not require anything specific from a
> remote host, except that it must follow the standards as defined in
> RFC2821 and come back some time after it received the initial 4xx status
> reply. What part of that is a "newly invented standard"?
The standards do *not* say that the remote host must resend the
message from the same host, or the same /27 netblock. It is this
requirement which is newly invented.
> Moreover, I'd like to point out that any piece of software which intends
> to implement some anti-spam measures will have to interpret some
> specific standard more strictly than required by the relevant RFCs so as
> to be able to distinguish spambots from human beings. There is no way
> around that, save making degrading some human being to "anti-spam
> measure for the Debian Project" and requiring him or her to manually
> approve each and every email to our mailinglists. I don't think you want
I can just hear George Bush using this argument. "We have no way of
imposing our will on evil-person so-and-so except by starting a war
and killing millions of people, so, golly shucks, we just have to
start the war. Sorry guys!"
Saying that there is no way to meet your goals other than by doing
some bad thing does not somehow eliminate the badness of the thing.
It is you who wants to avoid cooperating with the IETF on anti-spam
measures, finding solutions that perhaps can work for the whole
network. Not me.