On Tue, 18 Jan 2011 23:37:07 +0100 "Rolf E. Sonneveld" <r.e.sonnev...@sonnection.nl> wrote:
> I agree with you, looking at my own personal situation. However, many > mail admins (and maybe you too) are responsible for the e-mail > handling of many (tens/hundreds/thousands) of users. Most users have > unrealistic expectations of e-mail delivery times, and become > impatient when an e-mail they send is not delivered after a few > minutes. We can tell them they should not have these expectations, > but they just have them. User education is a tough task. How many > phone calls start with 'Hi <name>, how are you, did you receive my > mail?'. User education can go a long way. One of our (very large) customers filters mail for about 900 000 email addresses and uses greylisting. They've obviously decided the benefits outweigh the costs. [...] > I wish everyone, using greylisting, would do what you did. That sure > would reduce collateral damage! I have a question about your setup: > do you automatically greylist senders to whom you sent mail the last > 6 months? We whitelist those senders... > If so, do you differentiate between interpersonal messages > (legit mail from you to that sender) and out-of-office type messages > (which can be the result of spam messages and can carry your mail > address, depending on what type of mail system you use)? We attempt to. We look for the standard Auto-Submitted header which good auto-responders add. And we use heuristics to try to catch the crappy auto-responders (typically, any MTA made by a large company like Microsoft or IBM qualifies as "crappy") though those are not completely accurate. Another thing we could do in principle but don't currently is share data about which machines pass greylisting. We have a reputation-reporting system that reports on various events, and two of the events it reports are "Machine X was greylisted" and "Machine X passed greylisting". We could publish a DNS zone that you could look up and decide not to greylist a given machine. Right now, we have event data on 15.9 million IPv4 addresses. Of those, about 7.1 million have never passed greylisting (which means we know of about 8.8 million machines that are probably pointless to greylist.) Regards, David.
