[AusNOG] Greylisting in an ISP / Hosting Environment

Simon Lyall simon at darkmere.gen.nz
Mon Apr 27 11:15:35 EST 2009


On Mon, 27 Apr 2009, Nick Brown wrote:
> I'm wanting to get a general feel for the industries views on
> Greyisting, specifically as for the most part the people on this list
> are the ones who are infact trying to send us legitimate email. Is the
> consensus to try and build a well populated whitelist of known networks,
> or are we better to drop Greylisting - incur significant extra load on
> the gateways, and have to spend the extra time trying to fine tune the
> heuristics of our applications.

The main problems I see with Greylisting are:

1. Customers expect Email to be sent within a few seconds ( as in while
    they are talking to the other person over the phone )

2. Mail servers do NOT retry the same way that Greylist people expect them
    to.

2a. The email may be resent from a different server than what originally
    tried to send it ( shared queue among server cluster )

2b. Retry times may be shorter, longer or with a different backoff
   algorithm ( and change depending on random factors ) than what they
   greylisting algorithm expects.


Overall they customers only care that you block the spam not how you do 
it. However they will care that emails are taking minutes/hours/days to 
get delivered whereas other sites s do not have the same problem.

Having a whitelist will fix some of the problems but it'll never have 100% 
coverage.

Personally I also dislike any anti-spam method that can be beaten by 20 
lines of code.

-- 
Simon Lyall  |  Very Busy  |  Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.




More information about the AusNOG mailing list