[AusNOG] Greylisting in an ISP / Hosting Environment

[Nick Brown]

Morning All,

I know this is somewhat off topic for the list, but I'm sure the 
collective mind here will be knowledgeable in the issue none the less.

Our MX gateways have been performing greylisting on all inbound 
connections for the last year or so. This has resulted in a huge 
reduction of spam, when completed after a number of RBL + sender 
behavior policies. Customers for the most part don't seem to notice any 
delay however the odd issue pops up - especially over the last week 
(After our Greylisting whitelist - automatically populated, was purged 
by accident) where we have numerous complaints about email taking hours 
to come in.

Somewhat surprisingly one of the most frequent complaints is where the 
sender is Bigpond, with a typical delay of 1-2 hours.

I'm wanting to get a general feel for the industries views on 
Greyisting, specifically as for the most part the people on this list 
are the ones who are infact trying to send us legitimate email. Is the 
consensus to try and build a well populated whitelist of known networks, 
or are we better to drop Greylisting - incur significant extra load on 
the gateways, and have to spend the extra time trying to fine tune the 
heuristics of our applications.

And before the Ironport brigade comes galloping in, trust me - if the 
budget was there, we would be racking them up already :-)

Cheers.
Nick.