Milter-greylist

Ondrej wrote:
>> I have almost persuaded my boss to engage greylisting to protect the
>> whole company, but he is still sort of concerned about the possible
>> delays it could cause (and I must admit, I understand that concern).

I responded:
> Yeah, I get complaints from co-workers on this every once in a while.

... I completely forgot to mention my workaround:

racl whitelist rcpt /\+nogrey@(example\.com|example\.net)\b/

I tell my users to use +nogrey in their username, so you could mail
bob+nogrey@... and the message won't be delayed by
greylisting.  This is insanely useful for online registrations.

I also let users opt out of greylisting altogether.  Our support queue
does this.  Usernames that are both non-guessable and non-published
(e.g. ondrej.valousek@... instead of andrew@...)
rarely get hit by bots, so the delay is more annoying than useful.

Simple usernames are very sexy, but they are giant spam targets.  For
example, basic username construction on my name would give me
adam@... or akatz@..., but those are both heavy
targets for spamming via name-dictionaries; I'm better off with
adam.katz@....  This would also solve the problem of
determining what usernames Adam Kant and Adrianne Katz should get.
Short usernames are also brute-forced, so you also don't want 1-4
letter usernames (gmail doesn't even allow them!).

Along this line of thought, it is actually advantageous for the
anti-spam administrator of a company to have a very sexy username
--uh, I mean, very guessable username.  Users with problems can just
guess it, and spammers will also guess it.  This means anti-spam
admins get more spam than anybody else, and lo and behold, more
attention is paid to fixing the issue.