On Thu, 29 Nov 2012 18:01:38 -0800 (PST) John Hardin <jhar...@impsec.org> wrote:
> It's not so much the host being blacklisted, as a checksum of the > spam being published by pyzor et. al., or for spamvertised websites > in the spam being published by URIBLs, so that when the sender tries > again the score for that message will be higher than it would the > first time around, hopefully high enough to classify it as spam > rather than a FN. I would love to gather some hard data on this. Maybe a research project for the future... since we do our greylisting post-DATA, we could in principle run all the content-filtering and URIBL lookups and check if the score changes between the first attempt and the final attempt after greylisting. Or those who use SA without greylisting could reprocess messages after an hour or two and see if the score goes up. [My gut instinct says that a reasonable greylisting interval is too short for most DNSBLs to react. Pyzor/Razor/DCC may be somewhat more adept at reacting quickly.] Regards, David.
