[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: We need an IETF BCP for GREY LISTING
On Tue, Oct 11, 2011 at 08:06:16AM -0400, Keith Moore wrote:
> I'm not sure that it's worth the trouble. The whole point of
> greylisting is to marginalize naive client implementations on the
> assumption (largely valid to this point) that they're likely to
> be spambots. But I expect that spambots will start to deal with
> greylisting very soon. If IETF were to document greylisting it would
> only accelerate that process.
I don't think documenting greylisting will accelerate the
(already-underway) process of spammer adaptation. I think the prime
mover there is the adoption rate of greylisting. This isn't unique
to greylisting -- we've seen spammers adapt to other countermeasures
when they've (apparently) judged that those measures are sufficiently
widely-used to merit their attention and effort.
On the other hand, it's not clear to me what benefit we could achieve
by doing so. That is, I'm not sure I see many instances of greylisting
implementations behaving badly -- thus, potentially benefitting from
a document that would give some guidance. I think that most of the ones
I've observed are doing a reasonable (if, perhaps, sometimes annoying
or inconvenient) job of deferring mail traffic for a sensible length
of time. Are others' logs reflecting a different picture?