[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Fwd: Heathcliff for Saturday March 17, 2007]

Ian Greenhoe wrote:
I think that grey listing is probably the best solution. I've stated
this opinion in the past, and have not changed it.

Grey listing is a combination of white listing and black listing:
Well, not exactly. That last sentence makes it sound like grey-listing is merely using white-listing and black-listing together... and I've never heard it defined that way. The definition I've always heard could almost be called "soft white-listing". Delivering hosts that are on the whitelist are allowed to deliver mail. Hosts that *aren't* on the list have their initial connections dropped. If they connect again to try to deliver a little later, then they're allowed to send and they're added to the whitelist.

The notion with greylisting is that the spam servers usually don't re-try delivery, but legit MTA's *will* try to resend. I haven't implemented it myself, but a friend of mine tried it and said that it worked very, very well.

Having said that, we continue with what you're proposing:
* Non-subscribers who have not successfully posted before:

  First, the message is put in a temporary queue.

  Second, an auto-generated message is sent to the "From:" address and
the "Reply-To:" address.

  /If/ the person replies to this message, they become white listed and
the queued message will get sent *and* all future messages from this
address will be posted.
From my reading, this system is called "challenge/response", not grey-listing.

Regardless, I think that *either* greylisting or challenge/response (or even both) would help.

- Joe

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply to: