On Mon, Nov 27, 2006, Micha Silver wrote about "Re: Picture spams - again.": > After compaints started to mount up from users, I decided to try > greylisting. >.. > I don't know how long this improvement will hold out, but so far I'm > pleased.
The problem with graylisting, is that while it can work if used sporadically by only a few people, the moment it becomes a common approach it will become useless: spammers will simply modify their software to try again. This will only add a little complexity, and not significantly slow down, spamming software. So enjoy graylisting's success while you can ;-) The problem with graylisting, which is why I prefer not to use it (if I have a choice) is that it adds an artificial delay to mail from new domains. For example, when I register to a new site, I will receive the password after an artificial delay, until which I cannot use this site; Same when I register to a mialing list; When some meat-space service provider tells me he'll email me something, I'll get it after a delay and have to make excuses why I haven't seen his email yet. The biggest objection I have with the philosophy of graylisting is this: why does each mail-server installation needs to do its own "graylisting"? If you decide that host X *is* or *is not* a source of spam (based on whether it retries), why not share this information with the rest of the anti-spam community, and save someone else's need to wait for a retry? In essense, this will become an RBL: a collaborative list of IPs thought to be or not be spam sources. I wonder if an RBL exists that classifies hosts according to whether or not they retry their mail sending (I'm not aware of one). -- Nadav Har'El | Monday, Nov 27 2006, 6 Kislev 5767 [EMAIL PROTECTED] |----------------------------------------- Phone +972-523-790466, ICQ 13349191 |May you live as long as you want - and http://nadav.harel.org.il |never want as long as you live. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
