Apologies for spam - we will blacklist that account right away
Thomas Szukala
thsz at web.de
Wed Dec 26 17:17:54 CET 2007
Harish Pillay wrote:
> May I make a suggestion to whoever is running this mailing list to add
> the greylist technique to it as well? I have had milter-greylist
> running on
> my main email servers for over 12 months now, and the amount of spam
> reaching my users/mailing lists has gone down to almost zero.
>
I know greylisting works and is stopping spam very effective (for now).
However this behaviour puts high volume mailservers in a lot of stress.
Also I am experiencing, that spammers are adapting to greylisting and
are connecting multiple times to mailservers. Supposedly in order to
pass greylisting.
Thus, the administrators of these high volume mailservers have to get
rid of several thousands incoming connections per minute from a single
spammer (think of a botnet DDoS you) and delayed outgoing connections
for your customers.
You therefore have a higher deferr rate outgoing (doubling outgoing
connections) and therefore have a bigger mailqueue, additionally you
have more incoming connections (spam) blocking your available TCP ports
permanently only for the cause to reject them.
So my advice would be to not use greylisting, as it pushes the problem
to other parts of the internet and is effective only for a limited time
(if anyone is using it).
My thought is, that it would be much more effective to block
subscription by sophisticated captchas (take care of XSS vulnerabilities
) . Also it might be effective to block subscriptions by using lists of
compromised hosts like CBL (<http://cbl.abuseat.org>).
Try to identify which IPs are causing trouble and do match them with
several blacklists. The lists do not always work in the same way as it
does for others. Sometimes also only a mix of several lists are working.
<http://karmasphere.com/> might help you there.
If you dont have enough samples, be conservative. It is more a hassle to
gain legitimate listmembers back, who you have been lost during
subscription, as blocking fake accounts afterwards.
Have an eye on your subscriptions. Too many new listmembers is certainly
not a cause of marketing.
I might have come a little off topic, but perhaps it helps someone.
I am now getting back to my cookies, ice cream, cake and teas ;-)
Cheers Thomas
More information about the community
mailing list