Has anyone ever heard of greylisting as a defense to combat spam? I just read an article on this, which I plan on re-reading…. http://www.onlamp.com/pub/a/bsd/2007/01/18/greylisting-with-pf.html
But, from what I understand of it…. You work with 3 lists…
[i]
This makes three lists of clients:
* Whitelist: known good clients.
* Blacklist: known bad clients.
* Greylist: we don’t know if they are good or bad yet, but we will soon decide.
The key to grey listing is knowing that good and kind mail servers do not mind being politely asked to come back later. This is part of the STMP protocol. Spammers, however, are cheap and nasty. They don’t like this. They probably won’t come back later. Why? Queue management is tricky. If you’re sending to millions of email addresses, why worry about a few messages that you cannot deliver? Just skip along to the next one. Spammers work on volume. Grey listing exploits that characteristic.[/i]
Now, what I think is the crutz of grey listing is the fact that you are asking any email that you do not know to come back and try again. If it doesn’t, it is most likely a spam email and it rolls to the blacklist… Otherwise, it is very possibly a good guy…
I’m going to be starting an online server business, and in that it is small. I definitely think I will implement this along with a few other defense’s. It’s not a defense in my eyes unless there is at least 3 layers to it, but that’s only my opinion. But, in larger organizations. Would grey listing be a valid defense? Because, the way I understand this. There would be a lag in the initial receipt of an email until the address makes it to the white list.
This article was written for BSD/Linux…. But, I would think grey listing could be done on any OS.
Dan