On Sunday 06 September 2009 02:16:23 Stroller wrote: > > Why hasn't greylisting been mentioned? I greylist and it ends up > > blocking at least 99% of spam in my experience. > > There are some disadvantages to greylisting mentioned here: > > http://en.wikipedia.org/wiki/Greylisting#Disadvantages > > I think there may be an issue whereby if greylisting is widely > implemented & deployed against zombies then the zombies will just be > written to be RFC-compliant. :( >
greylisting currently works quite well. As with all things where you try to block someone who'd like to not be blocked, there are trade offs between cost, effort and effectiveness. Right now, greylisting still gives a decent bang for the buck. Eventually the zombies will be RFC compliant. Spam authors are somewhat slow to catch on but someone will write such a bot and the script kiddy spammers will use it. Then we'll counter with something else and the merry go round continues. The basic problem is that SMTP is fundamentally broken and cannot be fixed when abused. It is also fundamentally almost perfect and does not need tweaking when used <sigh> These two things are irreconcilable. -- alan dot mckinnon at gmail dot com
