public blacklists

[Scot L. Harris]

On Wed, 2004-12-08 at 12:03, David Cary Hart wrote:
> On Wed, 2004-12-08 at 11:56 -0500, Scot L. Harris wrote:
> 
> > However to keep from having to process all those spam messages you
> > should also implement greylisting.  That alone will reduce spam by over
> > 90% and you won't have to process all those spam messages. 
> > milter-greylist is a very good implementation that I have used with
> > sendmail.  Easy to install and has been trouble free.
> > 
> We did a paid study on the issue. The bottom line is that greylisting is
> great for reducing spam but may be HORRIBLE in a business environment.

The biggest problem that MIGHT occur is users expecting IM type response
from email.  And that is only an issue if the person you are
communicating with is not in your whitelist.  I have found that setting
a 2 minute delay before a new ip/from/to tuple is auto whitelisted works
quite well.  True, the actual retry period is dependent on the senders
MTA but most MTAs I have seen retry a message within 10 minutes.  

The only other issue are those that utilize large email server farms
where a message may get sent from different systems on each retry.  So
far the list of those is relatively small and you can pre-populate the
ones that are known.  

When this was implemented the company was about to chuck email
completely due to the overhead of sorting through all the spam. 
Initially I implemented spamassassin which worked great.  But even that
required a fair amount of time to review those messages dumped to the
spam bucket just in case there was a false positive.  

So far greylisting has worked wonders in this particular case.

There were times when the email server was almost completely over loaded
during particularly heavy spam storms.

Since greylisting the system has not broken a sweat.

-- 
Scot L. Harris
webid at cfl.rr.com

Everything should be built top-down, except this time.