Greylisting

[Chris Brenton]

On Thu, 2005-06-30 at 10:55, Bill McGonigle wrote:
>
> Roughly:
> 
> 	* incoming mail gets scanned for envelope sender, envelope recipient, 
> sending IP
> 	* if it's the first time the tuple is seen it gives an SMTP 'temporary 
> failure' error.  The sending MTA retrys.
> 	* if it's been seen before it's accepted
> 
> Reportedly, most mass-Spamming tools will just drop the attempt if it's 
> not immediately successful. People are reporting 95% reductions of 
> input to SpamAssassin, et. al. 

I think this might make a cool "additional layer", but I don't think I
would count on it exclusively. I still see a lot of spam (and viruses
and phishing for that matter) that are more than happy to try over and
over again until they get through, regardless of whether they get back a
hard or soft error. 

In fact, there appears to be at least one tool out there that will cache
the MX record and continue targeting it for an extremely long period of
time. For example I moved my domain to a new set of IP's about 2 months
ago. The old MX IP is now a honeypot and I still see a good dozen+ spams
a day.

HTH,
Chris