Grey-listing

[blu at vl.com (Tom Metro)]

Derek Martin wrote:
>>- Grey-list new correspondents for 1 hour (this blocks incoming spewage for
>>that long no matter how hard they try).
> 
> I don't know what this means...

See:
http://projects.puremagic.com/greylisting/

Basically it takes advantage of the fact that many programs built to 
send spam don't incorporate a queue, so if a message fails on the first 
try, it never gets sent again.

When a message is first received by a server implementing grey-listing 
the the client IP, envelope sender, and recipient will be recorded in a 
database, and then the message rejected with a temporary failure. It 
will continue to be rejected for some timeout period (1 hour in the 
example above), after which a message with those same parameters will be 
accepted. (Grey-listing can be supplemented with white lists to avoid 
delays from known senders.)


> ...but I do know that any kind of list can
> block legitimate senders.  I also know that anyone who wants to
> authenticate my e-mail address before receiving mail from me never
> gets mail from me again...

A legitimate MTA will simply retry sending the message periodically over 
the span of a few days, and thus aside from the delay for the first 
message, it is transparent to the end users. No authenticate step required.


The real problem with grey-listing is that it teaches spammers that 
sending more spam (iterating over their mailing list multiple times) 
will increase their chances of success. And unfortunately, spammers are 
capable of learning...

  -Tom