Ian Greenhoe wrote:
Well, not exactly. That last sentence makes it sound like grey-listing is merely using white-listing and black-listing together... and I've never heard it defined that way. The definition I've always heard could almost be called "soft white-listing". Delivering hosts that are on the whitelist are allowed to deliver mail. Hosts that *aren't* on the list have their initial connections dropped. If they connect again to try to deliver a little later, then they're allowed to send and they're added to the whitelist.I think that grey listing is probably the best solution. I've stated this opinion in the past, and have not changed it. Grey listing is a combination of white listing and black listing:
The notion with greylisting is that the spam servers usually don't re-try delivery, but legit MTA's *will* try to resend. I haven't implemented it myself, but a friend of mine tried it and said that it worked very, very well.
Having said that, we continue with what you're proposing:
From my reading, this system is called "challenge/response", not grey-listing.* Non-subscribers who have not successfully posted before: First, the message is put in a temporary queue. Second, an auto-generated message is sent to the "From:" address and the "Reply-To:" address. /If/ the person replies to this message, they become white listed and the queued message will get sent *and* all future messages from this address will be posted.
Regardless, I think that *either* greylisting or challenge/response (or even both) would help.
Description: S/MIME Cryptographic Signature