Is gray-listing a one-shot anti-spam measure?
http://www.atm.tut.fi/list-archive/debian-security/msg14351.html
Henrique recently stated the belief that gray-listing is a one-shot measure
against spam (see the above URL) and that spammers would just re-write their
bots to do two transmission runs with a delay in between.
I have been considering that point and have come to the conclusion that it may
not be correct.
A delay of transmission means more time for the spamming IP address to be
added to black-lists. So during the gray-list interval (currently 5 minutes
but may need to be increased to something longer such as 30 mins in future)
the spammer keeps sending mail to other systems until they either hit a
spam-trap address or they get reported to spamcop or some other black-list
service. Then when they get to their second attempt at sending to a system
that uses gray-listing they are on a DNSBL or RHSBL listing and are not
permitted to send.
Currently gray-listing can be used on it's own with no other anti-spam
measures and still do some good. This situation will change. But I believe
that in combination with other anti-spam measures it will still offer
considerable benefits even after spammers wake up to it's presence.
Henrique, please don't take this as a flame. I am writing to you because you
best expressed a sentiment that others seem to share, and the debian-isp list
is the best place for such a discussion on the topic.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: