[95781] in North American Network Operators' Group
Re: Blocking mail from bad places
daemon@ATHENA.MIT.EDU (Thomas Leavitt)
Tue Apr 3 15:11:46 2007
Date: Tue, 03 Apr 2007 11:59:57 -0700
From: Thomas Leavitt <thomas@thomasleavitt.org>
To: nanog@merit.edu
In-Reply-To: <10A9951F-189C-4CCF-B4D5-D79D78A99EF7@hubris.net>
Errors-To: owner-nanog@merit.edu
I think there is definitely an adaptive factor... initially, vast
quantities of spam disappeared (we have greylisting in as well), and my
personal mailbox went from 100:1 spam to legit to 1:3 spam to legit...
but over time, it has moved up to about a 1:1 spam to legit factor (and
I get about 200-250 non-spam messages a day).
Of course, we also have dozens of wildcarded domains and other legacy
stuff that I wouldn't set up a site with today...
Thomas
Chris Owen wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Apr 3, 2007, at 12:19 PM, Thomas Leavitt wrote:
>
>> The current situation with email is flat out insane. There is no
>> other way to describe it.
>
> I'd agree that the situation is bad but certainly not uncontrollable.
> We've had very good success keeping spam in check with a number of
> technologies while not really having too many problem with false
> positives. The last 6 months have been particularly nice. About that
> time we expanded our greylisting policy and that alone has made a
> dramatic difference. At one point before doing any greylisting we
> were accepting about 500,000 messages a day and delivering about
> 30,000. Now we accept about 80,000 and deliver about 25,000. That's
> a much, much more reasonable ratio.
>
> Really I don't think we are being very aggressive with our greylisting
> either. We currently greylist IP addresses on a handful of RBLs and
> ones that lack valid reverse DNS. The greylist only applies for 5
> minutes and then we allow the mail through. That 5 minutes though
> makes all the difference in the world. We've had 2-3 senders complain
> (mostly about invalid reverse DNS) but really I'm fine with "fix your
> shit" for an answer to those people. If they can't then they can just
> wait the 5 minutes with all the other unwashed.
>
> Will spammers adapt? Sure. We've already seen stock spammers who are
> retrying at 5 minutes to the second. However, this is one of those
> issues where the cost of adapting may just be to high most of the
> time. Probably easier to just go after the weaker targets.
>
> My other theory on this is that if spammers really do adapt to
> greylisting, then they will have no choice but to actually start
> caring about bounces and clean their mailing lists. If they don't
> then they just won't be able to keep up with all the queued mail.
> Getting them to clean up their lists in itself would be a more than
> minor victory.
>
> Chris
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun):
> President ~ Wichita (316) 858-3000 ~ A stupidity tax
> Hubris Communications Inc www.hubris.net
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
>
> iD8DBQFGEpLRElUlCLUT2d0RAtDVAKCilqRm5LlGOu0z19Z+5PyWLA2QSgCfas+A
> bCbab8uLdYtPG9XT7FgbPBM=
> =U9Nw
> -----END PGP SIGNATURE-----