> On 24 May 2020, at 13:05, Charles Sprickman <c...@morefoo.com> wrote: > > > >> On May 24, 2020, at 3:59 PM, Laura Smith >> <n5d9xq3ti233xiyif...@protonmail.ch> wrote: >> >>> >>> I’ve been sort of opposed to greylisting in the past due to a userbase >>> that’s sensitive to delays, but… the spam is worse. >>> >> >> >> IMHO Greylisting is rather pointless. Its a blunt tool, and not only that it >> does that unforgivable thing of annoying genuine people. >> >> I would hazard a guess that if you are being innundated with spam, then your >> RBL setup is less than adequate. Both the choice of RBLs ***AND*** the >> correct configuration thereof is critical. > > As I described in my original email, this isn’t a failure of RBL setup. I’m > just being inundated with: > > - Correctly configured hosts that don’t fail any obvious protocol checks > - Hosts that are not on any RBLs until 5-10 minutes after delivering > > As I see it, I have limited options: > > - Do more filtering on content (blech - these only score +1 or so in SA) > - Delay the mail (from non-whitelisted senders) until the hosts are listed. > >> I should also add that you should not be afraid to pay for access. The good >> lists will (a) block you if you hammer them with high volumes of requests >> (b) save some of their better content (or new innovations) for their paid >> subscribers. > > I’ve trialed the major ones with no improvement. The greylisting suggestion > came from Abusix because they looked up a day of “leaks” and found they were > simply delivering before they were being listed. > >> RBLs these days are pretty darn good, with everything setup correctly you >> can easily be in the very high 90-percentiles of catching spam and pretty >> much zero false-positives. > > Sadly, we seem to be at the head of most spammer’s lists. One of these “paid” > services should give us free access in return for a spamtrap. :) > > It’s also incredibly obvious there are some colos that are catering to these > people, esp. that firm out of Buffalo…
I ran an ISP for a number of years and we had to deal with a lot of spam. When greylisting first became available, I added it into our mix of spam protection. While I don't recall the exact number, over 95% of received mail was blocked. There were a few issues with some legitimate mailers who refused to retry, eventually we whitelisted enough that our users had no issues. This worked because at that time virtually all spammers were drive-by spammers. They sent the email once, and didn't bother to queue it if it couldn't be delivered. The cost of diskspace and internet connections were too high for them. With time, those costs came down. Effectively today there is no additional cost to queue spam. Hence, virtually all the spammers are now using high quality mail servers like postfix. They seem to retry forever. Greylisting has become pretty much useless. When I disabled it a couple years ago, the spam levers did not increase by any measurable amount. We now use just 3 RBLs and that seems to be a relatively acceptable level of spam. -- Doug
