From: Robert L Mathews (no email)
Date: Tue Jun 01 2004 - 01:21:41 EDT
At 5/31/04 7:18 PM, Tom Allison wrote:
>But won't this entire strategy fail once the spammers start sending two
>batches of mail an hour apart?
You'd think so -- they don't even need to track error states, since they
can just send two copies of the same message and not even worry if
someone gets two -- but that assumes some intelligence and organization
on the part of spammers.
However, we've been experimenting with greylisting for some weeks now,
and almost none of the spammers using hijacked DSL/cable/dialup computers
retry (or they retry, but use a different envelope from address or a
different sending computer each time, so it does them no good).
Thinking about it, it's possible that retrying makes no sense from a
spammer's perspective, at least with relatively few people using
greylisting. After all, if you have a list of 100 million e-mail
addresses but you're only going to be able to send 10 million messages
anyway because you haven't hijacked enough machines, it probably makes
more sense to try 10 million addresses once than 5 million addresses
twice. It's not in their interest to try sending a message again if 90%
of them are either going to be read by the same person or rejected a
second time because of blacklists.
In fact, I just did some calculations, and it only makes sense for a
spammer to attempt to send each message twice if he believes more of his
messages are being rejected due to greylisting than are being
successfully delivered. We're a looooooooooong way away from that point.
Anyway, I was skeptical about whether greylisting would really work, too.
But I can't emphasize enough how much difference greylisting has made;
most of our spam has simply disappeared. We were previously rejecting a
little under 50% of our mail as spam, and it's now close to 70% -- with
not a single complaint about missing or delayed mail from thousands of
users. A couple of people have written in to ask if we had a general
problem with our mail servers, because they have stories like "although
I'm not missing any mail I'm aware of, I always get at least 20 pieces of
spam a day, and I've only gotten two pieces of spam in the last week..."
It has been a smash success, and I recommend it.
--
Robert L Mathews, Tiger Technologies http://www.tigertech.net/
"Ignorance more frequently begets confidence than does knowledge."
-- Darwin
|
|
|