Slashdot Mirror


The Next Step in Fighting Spam: Greylisting

Evan Harris writes "I've just published a paper on a new and unique spam blocking method called "Greylisting". The best thing about it other than achieving better than 97% effectiveness in blocking spam, is that it practically eliminates the main problem of other solutions: the false-positive. There's even source code for an example implementation written as a perl filter for sendmail, along with instructions for installing, so you can get up and running quickly."

4 of 481 comments

  1. can't believe their numbers by sqrt529 · · Score: 5, Informative

    Most spam today is sent through open relays. Those relays will simply retry the delivery no matter which software the spammer uses, so the method won't work.

    1. Re:can't believe their numbers by McDutchie · · Score: 5, Informative

      Eh, open relays are soooo 20th century. :) Actually most open relays today are either blocked or closed, and newly installed MTAs are secure against third-party relaying by default, so this spam method is dying out. Most spam today is sent either directly to the receiving MTA, through open proxies, or through formmail.pl and similar exploits.

  2. Tempfailing is not new and unique by HiKarma · · Score: 5, Informative
    This idea isn't so new or unique. It's been discussed a fair bit on the ASRG mailing list under the name "tempfailing".

    First I heard of it was from Landon Noll and Mel Pleasant. It is noted in brief as one of the techniques in this plan to end spam (though their plan, which did include the triplets, is not laid out in full there.)

    It is a worthwhile technique for a little while, and if spammers were rational, would be worthwhile for some time to come. But spammers are not rational, and already this technique is not as useful as would be hoped.

    Do a Google Search for Tempfailing especially in ASRG to see statistics etc.

  3. Re:your first mistake by TheCarp · · Score: 5, Informative

    Not at all.

    Read the paper. Spammers would figure it out eventually. What it buys is what they have to do to get around it.

    It means they have to do retries... that means spam runs take longer, especially since they have to run... then wait for a locally defined timeout, and run all those addresses again.

    AND they have to do it from the same IP.

    This raises their bandwidth profile. It wastes their time... all in all... it raises their cost of doing business and cuts into their profit margins.

    It means they will have to upgrade their tools again. It means they get headaches. And of course, the next step is to implement spam traps that watch activity and see that a spammer is spamming, and promote them to a blacklist before they can even retry. (Oh gee, 1000 new greylist triplets from 1 IP in under 5 mins? Set the timeouts for that IP to 12 hours.)

    -Steve

    --
    "I opened my eyes, and everything went dark again"
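
The triplet check and the per-IP escalation discussed in the comment above, as an added example (not code from the paper, its Perl filter, or any commenter). The 5-minute default delay, the class and function names, and the sample addresses are assumptions; the 1000-triplets-in-5-minutes threshold and the 12-hour penalty are the figures from the comment.

```python
from collections import defaultdict, deque

DEFAULT_DELAY = 300          # assumed local retry timeout, seconds
BURST_LIMIT = 1000           # new triplets from one IP ...
BURST_WINDOW = 5 * 60        # ... within 5 minutes (figures from the comment)
PENALTY_DELAY = 12 * 3600    # delay applied to an IP that trips the limit


class Greylist:
    def __init__(self):
        self.first_seen = {}                 # triplet -> time of first attempt
        self.new_by_ip = defaultdict(deque)  # ip -> times of recent new triplets
        self.penalized = set()               # IPs promoted to the long delay

    def delay_for(self, ip):
        return PENALTY_DELAY if ip in self.penalized else DEFAULT_DELAY

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' (SMTP 4xx) for one delivery attempt."""
        triplet = (ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.get(triplet)
        if seen is None:
            self.first_seen[triplet] = now
            self._note_new(ip, now)
            return "tempfail"
        # Known triplet: accept only once the delay for this IP has elapsed.
        return "accept" if now - seen >= self.delay_for(ip) else "tempfail"

    def _note_new(self, ip, now):
        recent = self.new_by_ip[ip]
        recent.append(now)
        while recent and now - recent[0] > BURST_WINDOW:
            recent.popleft()
        if len(recent) >= BURST_LIMIT:
            self.penalized.add(ip)


def demo():
    gl = Greylist()
    # Constructed traffic: one legitimate MTA retrying, one bulk sender.
    results = [gl.check("192.0.2.10", "a@example.org", "bob@example.net", 0),
               gl.check("192.0.2.10", "a@example.org", "bob@example.net", 60),
               gl.check("192.0.2.10", "a@example.org", "bob@example.net", 900)]
    for i in range(BURST_LIMIT):
        gl.check("198.51.100.7", "x@example.com", f"user{i}@example.net", i * 0.2)
    # The bulk sender retries after the normal delay and again after 12 hours.
    results.append(gl.check("198.51.100.7", "x@example.com", "user0@example.net", 600))
    results.append(gl.check("198.51.100.7", "x@example.com", "user0@example.net", PENALTY_DELAY))
    return results
```

A production filter would also expire stale triplets and whitelist known-good senders, which this example leaves out.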