On 2/1/2012 11:05 PM, Per Jessen wrote:
I would recommend not doing full greylisting, i.e. not for all clients. Use a set of criteria to greylist a subset. Criteria: DNS, HELO, etc. In my experience, selective greylisting is way more effective than any RBL.
Seconded. Greylisting everything gets lots of whining from users who confuse email with their instant messenger, but you can get nearly as effective just greylisting stuff that gives you reason to be suspicious in the first place.
If your implementation allows it, you might also consider never whitelisting on DNSWL (and similar) hits, there's absolutely no point in greylisting servers known to already send mail. In my opinion, greylisting's primary usefulness is to let previously unknown IPs have a cool down period while spamtraps have time to detect and list new spam sources.
-- Dave Warren, CEO Hire A Hit Consulting Services http://ca.linkedin.com/in/davejwarren
