At 22:06 20-11-2006, Duncan Hill wrote:
Greylisting has been used now for over 2 years. I haven't seen any
spammer adapt their botnets to handle it in that time frame. Some
have moved to using ISP relays or other
unsecured 'real' MTAs, but the majority live for the one-shot
attempt. I do see the same message (presumably) being tried by
multiple compromised PCs (same from/to for each one, 3 seconds apart or less).
Some compromised hosts do retry delivery (same from/to/IP address)
within a minute.
Regards,
-sm
