Milter-greylist

Hi

According to this, we'll soon have to find a new idea for filtering spam
efficiently:

http://news.com.com/Experts+Zombie+trick+set+to+send+spam+sky-high/2100-
7349_3-5560664.html?tag=nefd.top

Summary: new spam engines don't send spam directly but rather use ISP
SMTP servers. That will workaround greylisting, as the ISP SMTP server
will retry sending.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Thu, Feb 03, 2005 at 08:37:16AM +0100, manu@... wrote:
> http://news.com.com/Experts+Zombie+trick+set+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=nefd.top

'"The e-mail infrastructure is beginning to fail," Linford warned. "You'll
see huge delays in e-mail and servers collapsing. It's the beginning of
the e-mail meltdown."'

Great. "Death of Email Predicted, Film at 11"

I don't understand all the doom and gloom surrounding this. Yes, there
may be some bad negative effects in the short-term... greylisting, as
you said, gets less effective, and possibly ISPs get thrown on blacklists
(bad) or they can't be because they're too big (bad in a different way).

But long-term if this is the way things go, I see it as a good thing. ISPs
have a lot more incentive to care about zombie spambot networks than
the average Joe home user with an unpatched Windows box sitting on his
broadband link. And this development means ISPs get a choke-point from
which they can impose maximum sending rates, do monitoring, etc. and
lock those bots out.

And of course the other possibility is that this technique may not work
because of the above, and spammers will go back to doing it the way they
did before, and all of this news will be moot.

Overall I'm not very worried. I certainly don't see it as a "beginning
of the e-mail meltdown" -- that's FUD.

-- 
Brent J. Nordquist <b-nordquist@...> N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

At 08:37 AM 2.3.2005 +0100, manu@... wrote:
>
>Hi
>
>According to this, we'll soon have to find a new idea for filtering spam
>efficiently:
>
>http://news.com.com/Experts+Zombie+trick+set+to+send+spam+sky-high/2100-
>7349_3-5560664.html?tag=nefd.top
>
>Summary: new spam engines don't send spam directly but rather use ISP
>SMTP servers. That will workaround greylisting, as the ISP SMTP server
>will retry sending.
>
>-- 
>Emmanuel Dreyfus
>http://hcpnet.free.fr/pubz
>manu@...
>

Emmanuel: On installing greylisting for the first time, it was also my
first thought that it would be good until the bad guys find a workaround. I
agree that GL has been a fantastic tool to-date and has lifted a great load
off of the other tools that eat big resources like spamassassin. The
present SA-3.0+ has constant complaints about hogging huge amounts of
memory -- causing some to revert back to 2.5x or 2.6x -- at the sake of
losing some effectiveness of the advances made by 3.0+.

It is also why I was hoping to see more expansion like the callback/mx IP
matching somehow, etc. In this war, no static anti-spam tool will last long
without change with counter-actions.

My $0.02 for the obvious....


Happy trails,
Jack L. Stone

System Admin
Sage-american