North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Blocking mail from bad places
- From: Thomas Leavitt
- Date: Tue Apr 03 15:13:18 2007
I think there is definitely an adaptive factor... initially, vast
quantities of spam disappeared (we have greylisting in as well), and my
personal mailbox went from 100:1 spam to legit to 1:3 spam to legit...
but over time, it has moved up to about a 1:1 spam to legit factor (and
I get about 200-250 non-spam messages a day).
Of course, we also have dozens of wildcarded domains and other legacy
stuff that I wouldn't set up a site with today...
Chris Owen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On Apr 3, 2007, at 12:19 PM, Thomas Leavitt wrote:
The current situation with email is flat out insane. There is no
other way to describe it.
I'd agree that the situation is bad but certainly not uncontrollable.
We've had very good success keeping spam in check with a number of
technologies while not really having too many problem with false
positives. The last 6 months have been particularly nice. About that
time we expanded our greylisting policy and that alone has made a
dramatic difference. At one point before doing any greylisting we
were accepting about 500,000 messages a day and delivering about
30,000. Now we accept about 80,000 and deliver about 25,000. That's
a much, much more reasonable ratio.
Really I don't think we are being very aggressive with our greylisting
either. We currently greylist IP addresses on a handful of RBLs and
ones that lack valid reverse DNS. The greylist only applies for 5
minutes and then we allow the mail through. That 5 minutes though
makes all the difference in the world. We've had 2-3 senders complain
(mostly about invalid reverse DNS) but really I'm fine with "fix your
shit" for an answer to those people. If they can't then they can just
wait the 5 minutes with all the other unwashed.
Will spammers adapt? Sure. We've already seen stock spammers who are
retrying at 5 minutes to the second. However, this is one of those
issues where the cost of adapting may just be to high most of the
time. Probably easier to just go after the weaker targets.
My other theory on this is that if spammers really do adapt to
greylisting, then they will have no choice but to actually start
caring about bounces and clean their mailing lists. If they don't
then they just won't be able to keep up with all the queued mail.
Getting them to clean up their lists in itself would be a more than
Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun):
President ~ Wichita (316) 858-3000 ~ A stupidity tax
Hubris Communications Inc www.hubris.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----