Print Page | Close Window

Greylisting - a much needed feature

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5792
Printed Date: 22 December 2024 at 11:22am


Topic: Greylisting - a much needed feature
Posted By: j3webservices
Subject: Greylisting - a much needed feature
Date Posted: 12 September 2006 at 5:06pm

Are there any plans to implement greylisting? Here is a whitepaper on the subject:

http://projects.puremagic.com/greylisting/whitepaper.html - http://projects.puremagic.com/greylisting/whitepaper.html

The basic premise is this:

Every message attempt initially gets rejected with a 451 temporary error, and three pieces of info are cached: the IP, to addy, and from addy. If the same combination (IP,to,from) is seen again between min_time and max_time, the message is passed to other checks, and the triplet is cached for a period of time. Additional messags from the same triplet (IP,to,from) bypass the greylist.

Min_time is usually around 5 minutes to prevent instant retries, and max_time is usually around 24 hours. Triplet cache time is on the order of days, something like 30-40 days.

ASSP, a free spam proxy perl script, implements this, and it worked really well. The problem(***edit - program***) was buggy for other reasons or I would be using it. But the Greylist was a great feature.

The reason it works is that most mail servers are configured to retry a couple of times after 10-60 minutes (sometimes even up to 24 hours) on a temporary error, whereas automatic spam programs usually give up on any error the first time, or will retry again very quickly.

I would really like to see this implemented. Thoughts?




Replies:
Posted By: WebGuyz
Date Posted: 13 September 2006 at 1:12am
The blacklist cache ins SF works just as well as greylisting IMHO. After x amount of spams detected from a single IP address that address will no longer be allowed to connect for x amount of minutes (where x is settable). Easier to keep track of when you get a lot of traffic.

-------------
http://www.webguyz.net


Posted By: j3webservices
Date Posted: 13 September 2006 at 11:23am

I'm sorry, but I disagree. Greylisting and the blacklist cache are two entirely different methodologies. Number one, the blacklist cache is a reactive filter - it waits for a certain amount of spam from an IP before doing anything. Number two, the ban is too broad, being based on IP only. I have had many problems with this feature where a legitimate emailer is trying to send mail through their ISP's mail server when the ISP also has a spamming customer in their midst. Granted, the ISP should be taking care of this, but all my clients care about is that they are not getting messages from legitimate contacts.

A greylist solves both of these problems. Rather than relying on checking with friends ("Hey, is this server a spammer?") or the message content or country of origin, it challenges every message that comes through with "Prove to me you are legitimate." It's the fundamental difference of innocent until proven guilty vs. guilty until proven innocent. Given that 90%+ of my incoming mail is spam, I prefer the latter. Asking all the messages to wait for a few minutes and try again later is a very good way to "authenticate" legitimate messages. Most legitimate mail servers will retry on temporary failures after a short period of time. Most spamming programs only try once.



Posted By: Desperado
Date Posted: 13 September 2006 at 7:06pm
My 2 cents:
Graylisting has caused us, as an ISP, no end of problems.  It has created extra traffic and tremendous tech support issues where we are asked by our users why they were graylisted and how can we fix it.  This, even after we send a mailing to our users explaining graylisting and how it is not in our control and they are griping at the wrong guys.  At the high volume, ISP level, graylisting should be banned!


-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: Roman
Date Posted: 20 September 2006 at 5:54pm
Totally agree with Dan.
Graylisting will cause significant delays in most cases and delivery errors in some cases.


Posted By: LogSat
Date Posted: 22 September 2006 at 8:11pm
Greylisting is something we've been thinking about for a while. Howeverwe have found that other solutions we created, like the blacklist IP cache and the new SFDB filter have performed wonders, so dedicated most of our time developing new proprietary filters instead.

For some admins greylisting could be a nightmare, for some others it could be useful, this depends on the customer base. We're not discarding the idea of implementing it, however currently our efforts are dedicated to improving our existing filters and releasing the new SpamFilter Enterprise, which will allow more flexibility in the filtering rules per users and per domains.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window