North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Blocking mail from bad places

  • From: Chris Owen
  • Date: Tue Apr 03 13:55:50 2007
  • Domainkey-signature: a=rsa-sha1; b=ZLo/MF/Zo1MSBVV654/v9Swq404rMARisMp6VWRp1tpdxRCdi1HFFKv1RGA6PIGT4XTJ2vvvVbTUpJMDlO4i1NlosbaU/fPc8au5QMdfq2f0ctyjQYgJLwGd6Qy6g9Qn13uEZUGCx6glbBqDfVknKsCK0QFDS4Wi2fP4UwvHu1E=; c=nofws; d=hubris.net; q=dns; s=hubris

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr 3, 2007, at 12:19 PM, Thomas Leavitt wrote:

The current situation with email is flat out insane. There is no other way to describe it.

I'd agree that the situation is bad but certainly not uncontrollable. We've had very good success keeping spam in check with a number of technologies while not really having too many problem with false positives. The last 6 months have been particularly nice. About that time we expanded our greylisting policy and that alone has made a dramatic difference. At one point before doing any greylisting we were accepting about 500,000 messages a day and delivering about 30,000. Now we accept about 80,000 and deliver about 25,000. That's a much, much more reasonable ratio.

Really I don't think we are being very aggressive with our greylisting either. We currently greylist IP addresses on a handful of RBLs and ones that lack valid reverse DNS. The greylist only applies for 5 minutes and then we allow the mail through. That 5 minutes though makes all the difference in the world. We've had 2-3 senders complain (mostly about invalid reverse DNS) but really I'm fine with "fix your shit" for an answer to those people. If they can't then they can just wait the 5 minutes with all the other unwashed.

Will spammers adapt? Sure. We've already seen stock spammers who are retrying at 5 minutes to the second. However, this is one of those issues where the cost of adapting may just be to high most of the time. Probably easier to just go after the weaker targets.

My other theory on this is that if spammers really do adapt to greylisting, then they will have no choice but to actually start caring about bounces and clean their mailing lists. If they don't then they just won't be able to keep up with all the queued mail. Getting them to clean up their lists in itself would be a more than minor victory.

Chris

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen         ~ Garden City (620) 275-1900 ~  Lottery (noun):
President          ~ Wichita     (316) 858-3000 ~    A stupidity tax
Hubris Communications Inc      www.hubris.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGEpLRElUlCLUT2d0RAtDVAKCilqRm5LlGOu0z19Z+5PyWLA2QSgCfas+A
bCbab8uLdYtPG9XT7FgbPBM=
=U9Nw
-----END PGP SIGNATURE-----