Greylisting

[Dolda2000]

I just want to share a revelation with everyone.

I used to get lots of spam on my e-mail address that I serve at home. By lots, I mean around 150 per day. I was quick to turn on SpamAssassin, which along with procmail could automatically sort the spam away before I saw them, but even then, I got 10-20 spams that SpamAssassin couldn't detect through to my Inbox. By then, I had set up an automatic system to feed spams back into SpamAssassin's Bayesian learner via the mail system and all sorts of things.

When I went on vacation in late March for seven days, I came home to an Inbox filled with around 150 spam messages that I had to filter through. Needless to say, that wasn't too fun...

After that, I implemented a trick that I had heard of, Greylisting, since I saw a link to an actual implementation on Slashdot, and this, as you may have guessed, is the revelation of which I am speaking.

Greylisting is so great that I cannot praise it enough. I get no spams anymore. And by that I mean literally none. It's been weeks since I last saw a spam. Sure, there are a couple each that get through the greylisting, but SpamAssassin is still running beyond there, waiting for them. It catches around 5 spams per day these days.

Of course, I don't know how long it will take until spammers out-smart greylisting, but for now, it's just great. I recommend milter-greylist to anyone with even the slightest spam problem.

[onlinebacon]

Cool, had a look at it and it looks cool, I have g-mail though and that is pretty darn good

[kkubasik]

Brilliant, I just dropped from about 600 daily to 4-5 per account (with 5 active accounts on the machine)

[drakebasher]

The filter will always reject mail temporarily on a first attempt, then accept it after some time has elapsed.

What does "some time" mean? Will a legitimate sender see anything at his end? If not, it sounds good, like Dolda2000 wrote, until spammers find a work-around.

[Morgoth]

Hmm, I don't like the "assuming" part, there is still the possibility that somewhere there is a "defect" mail server that will not retry, IMHO it's an ugly hack, and yeah, it's a *very* easy to get around this.

Try Paul Graham's heuristic spam-filter if you want to go for true beauty

[Dolda2000]

The filter will always reject mail temporarily on a first attempt, then accept it after some time has elapsed.

What does "some time" mean? Will a legitimate sender see anything at his end?

"Some time" is usually around 10-30 minutes, but different servers differ. A legitimate sender sees nothing at all, since the mail servers handle everything about this between themselves.

IMHO it's an ugly hack

Indeed, it is an ugly hack. However, it is an ugly hack that works very well. It's easy to get around, but not for spammers (it's hard to keep a listing of a million addresses to retry on a spambotted computer).

I agree that it is in no way a beautiful solution, but it is a very well working solution. As the age-old UNIX mantra goes: "If you can get 90% of the effect for 10% of the work, that's better than getting 100% of the effect for 100% of the work".

Hmm, I don't like the "assuming" part, there is still the possibility that somewhere there is a "defect" mail server that will not retry

Then again, if a mail server doesn't adhere to such basics of the SMTP RFC, then you can honestly say that it's their fault.

[kkubasik]

Agreed, the percentages in spam suck, but the volume that a powerful spam-bot network can turn out makes it profitable, if each transaction were to take only 4-5 seconds longer, then spamming wouldn't be nearly as profitable as it is now (perhaps not even profitable at all) now if someone really wants to send YOU a message about viagra, there is little doubt they could get it to you, but they have to do that millions of times a day to meet the 10 view daily quota...