Apologies for spam - we will blacklist that account right away

Thomas Szukala thsz at web.de
Wed Dec 26 17:17:54 CET 2007 

Harish Pillay wrote:
> May I make a suggestion to whoever is running this mailing list to add
> the greylist technique to it as well?  I have had milter-greylist 
> running on
> my main email servers for over 12 months now, and the amount of spam
> reaching my users/mailing lists has gone down to almost zero.
>   
I know greylisting works and is stopping spam very effective (for now).
 
However this behaviour puts high volume mailservers in a lot of stress. 
Also I am experiencing, that spammers are adapting to greylisting and 
are connecting multiple times to mailservers. Supposedly in order to 
pass greylisting.
Thus, the administrators of these high volume mailservers  have to get 
rid of several thousands incoming connections per minute from a single 
spammer (think of a botnet DDoS you) and delayed outgoing connections 
for your customers.
You therefore have a higher deferr rate outgoing  (doubling outgoing 
connections) and therefore have a bigger mailqueue, additionally you 
have more incoming connections (spam) blocking your available TCP ports 
permanently only for the cause to reject them.

So my advice would be to not use greylisting, as it pushes the problem 
to other parts of the internet and is effective only for a limited time 
(if anyone is using it).

My thought is, that it would be much more effective to block 
subscription by sophisticated captchas (take care of XSS vulnerabilities 
) . Also it might be effective to block subscriptions by using lists of 
compromised hosts like CBL (<http://cbl.abuseat.org>).
Try to identify which IPs are causing trouble and do match them with 
several blacklists. The lists do not always work in the same way as it 
does for others. Sometimes also only a mix of several lists are working. 
<http://karmasphere.com/> might help you there.

If you dont have enough samples, be conservative. It is more a hassle to 
gain legitimate listmembers back, who you have been lost during 
subscription, as blocking fake accounts afterwards.

Have an eye on your subscriptions. Too many new listmembers is certainly 
not a cause of marketing.

I might have come a little off topic, but perhaps it helps someone.

I am now getting back to my cookies, ice cream, cake and teas ;-)

Cheers Thomas

More information about the community mailing list