From owner-freebsd-questions@FreeBSD.ORG Fri May 4 16:50:26 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7A75716A400 for ; Fri, 4 May 2007 16:50:26 +0000 (UTC) (envelope-from chris@vindaloo.com) Received: from corellia.vindaloo.com (corellia.vindaloo.com [64.51.148.100]) by mx1.freebsd.org (Postfix) with ESMTP id 2BDC113C43E for ; Fri, 4 May 2007 16:50:26 +0000 (UTC) (envelope-from chris@vindaloo.com) Received: from [172.24.145.69] (endor.vindaloo.com [172.24.145.69]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by corellia.vindaloo.com (Postfix) with ESMTP id 6CC195C38; Fri, 4 May 2007 12:50:23 -0400 (EDT) Message-ID: <463B644A.6040400@vindaloo.com> Date: Fri, 04 May 2007 12:50:18 -0400 From: Christopher Hilton User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221) MIME-Version: 1.0 To: Ted Mittelstaedt References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: John Levine , freebsd-questions@freebsd.org, Bart Silverstrim Subject: Re: Greylisting -- Was: Anti Spam X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 May 2007 16:50:26 -0000 Ted Mittelstaedt wrote: > >> -----Original Message----- >> From: Bart Silverstrim [mailto:bsilver@chrononomicon.com] [snip] >> Like I said...if it taxes their resources even one tenth of one percent, >> I'm for it. >> > > It's not their resources, it's the resources they have stolen from other > people by breaking into their systems. Greylisting really, and truly, isn't > a problem for spammers, unless it's coupled with use of blacklists. > Just because the spammers have stolen their distribution network doesn't mean that it has no value to them. The distribution network has a very low cost but that's not the same thing as having a very low value. Most spam is delivered overnight and on the weekend. I think that there are two reasons for this. The older reason is to keep the bots off of the RBLs. But I think that the bigger reason to deliver spam off hours is to protect the botnet from detection. I think that this makes the spammers very sensitive to the duration of a spam run. I don't think that many people are grey listing right now but I think that it's increasing rapidly. On an internet where most people grey list I think that the spammers must see grey listing as a major problem because of what it does the duration of a spam run. -- Chris -- __o "All I was doing was trying to get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)___________________________________________________________ Christopher Sean Hilton pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14