Milter-greylist

Jim Hermann wrote:
> --- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@...> 
> wrote:
>> Does it matter? If they link against openSSL, they can also jut as 
> easily retry..
> 
> Why can they just as easily retry if they can link against openSSL?
> 
> I thought that spammers did not retry because it took too much time or 
> they weren't using a real email server.  I did not realize that 
> linking against openSSL took a lot of time or required a real email 
> server.

You don't need a real mailserver to retry. You also don't need a lot of time to 
retry.

Spammers don't retry because they're trying to keep their bot payloads small and 
simple. Complex bots means more potential for bugs, which means more downtime 
from sending spam runs. Implementing OpenSSL/STARTTLS isn't small and simple.

Look, I don't want to give spammers any ideas, so I'm going to be a bit vague 
here. I apologize in advance, but it's in the best interest of milter-greylist 
users that I not publicly post good, efficient methods for bypassing it that 
spammers haven't thought of yet.

Suffice to say, in my opinion, it would be substantially easier to implement a 
retry in a spam bot than it would be to link OpenSSL and implement everything 
needed to support STARTTLS.