Greylisting

Forum Moderators: phranque

Message Too Old, No Replies

Greylisting

Any major downsides?

iJeep

3:44 pm on Sep 10, 2005 (gmt 0)

My ISP just implemented greylisting as an option on our server.

I researched it some and it sounds great. I turned it on and the spam went from several hundred a day to 5 or so.

I only have one big concern. What is the chance a users (legitimate) e-mail will be sent back and their agent/server not send it again?

As much as I want to get rid of spam, it's not worth loosing customer e-mails over.

mcavic

4:37 pm on Sep 10, 2005 (gmt 0)

I believe that greylisting has a serious flaw when it comes to legitimate mail being sent from an ISP with multiple mail servers.

It is a good assumption that legitimate mail will always be retried at least 3 times, and probably for at least 3 days. But it's a bad assumption that retries will be sent from the same IP address.

This is noted in the spec:

Another issue occurs when a large organization uses a pool of outbound mail servers for sending email to a system using Greylisting. If the pool is configured so that the same mailserver (with the same IP) will always retry deliveries for a particular mail, there is no issue. ...

iJeep

4:48 pm on Sep 10, 2005 (gmt 0)

Yes, that is the type of thing that worries me.

When you think of the amount of mail AOL, Hotmail, etc. must send in an hour it would be a necessity to use multiple servers. Also, those are the same domains that many customers use.

mcavic

6:02 pm on Sep 10, 2005 (gmt 0)

Also, it would be very easy for spammers to circumvent it by resending the messages.

Greylisting

Any major downsides?

iJeep

mcavic

iJeep

mcavic

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week