>Surely the sender has a limited number of IP addresses. Once a >client IP address passes postscreen's "after 220" tests, it is >whitelisted and can send mail without "after 220" tests for 30 days.
Of course, it's finite. It's not small though. Here's the SPF record: ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 That's a *lot* of ips. My only point was you had mentioned a month or two ago that you had already coded some sort of penalty time with no trigger, for which I suggested a few. However, greylisting OR deep protocol tests with postscreen is a problem for the reasons given for gmail at least. Unless, one whitelisted I suppose all the ranges listed in the spf record. Likely, they are the largest mail provider to deal with. Yes, I don't have to use them, which of course is not my point. I am not picking on postscreen, I like postscreen. Just pointing out an issue. Yes, the 30 days might work, gradually. As the list fills up, mail will get through. Initially though, you could lose some. So, unless I am missing something, those using deep protocol tests should consider adding whitelisting for the ip ranges for at least gmail, possibly some others as well so as to not lose or un-necessarily delay emails.
