[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, 24 Jan 2010, Simon Waters wrote:
Gordon Henderson wrote:I suspect that if a spammer gets through the NoListing, it'll get through the GreyListing too, but in any case, GreyListing (& SA) require CPU & disk resources while NoListing doesn't.Bypassing greylisting requires spammers to maintain state (or retry routinely), both of which present a significant cost and above something like trying the next MX which doesn't require significant state to be maintained but can be done in a loop. So whilst I'm sure all the spam from genuine email servers will pass both greylisting and nolisting, spambots could more easily pass NoListing if the spammer can be bothered.
Well, indeed. However, I don't think it'll be too long before some geek turns to the dark side with the lure of money and writes a zombie spambot that does a trivial amount of queuing, then ...
I am gob-smacked by the people who really don't have a clue though and let their (win) PC get infected, then wonder why it's going slow and their Internet connection is slow and ... Oh, time for a new PC ... (MY wifey has a friend in London who's exactly like that - her PC is riddled with just about everything all the time - she cleans it up, and a day later it's back - if only I could instll Linux for her...)
That said you can use both, I've been wary of NoListing simply because of the appalling quality of some email servers (and admins), but I doubt it causes many more issues than greylisting, and probably from the same few servers that can't adhere to an RFC.
Indeed. It doesn't seem any worse than greylisting... I've chatted to a few friends who've been using it for a while and they're happy enough, so took the plunge myself...
It's going to be a bit of a disaster when the spammers cotton onto NoListing and Greylisting, but GL has held out for a few years now.. Lets hope it holds up for a few more...My stats show that greylisting is no longer the single most effective preventative we use. The Spamhaus ZEN list exceeds it in terms of volume stoped, this is due to big decline in GL effectiveness (it has dropped from stopping 97+% of spam as a single measure to well under 90%) as well as improvements to the Spamhaus block list (the inclusion of the PBL being a key change).
Interesting - I stopped using the RLBs a few years back due to (their) politics, arguing, and some false-positives from customers. Maybe I'll look again.
I found the "ix.dnsbl.manitu.net" block list provided good skill, it is an automatic block list based on current spam sources, and thus picks up on individual spam runs from mail servers which have had accounts compromised and the like. This works well with greylisting - come back in 10 minutes when the block list has had a chance to add your IP address. Although it became a political issue at work when it blocked email from Demon. Clearly the list authors has a relatively small whitelist of hosts not to block, and Demon's servers were spewing spam at the time.
Woops :) However: There are currently 489,639 entries listed at the dns-zone ix.dnsbl.manitu.net which have been collected during the last 12 hours (-8,925 within the last 5 minutes).Staggering. They get in 5 minutes what I get in a day to my own account. I wish I could get away without providing email for punters, but where are they going to go then...
I think the bigger issue than spammer bypassing greylisting, or nolisting, is credential theft. Hence the issue with emails from Yahoo and Google.
There seemed to have been a spate of email from "myself" to me recently, advising me that my email configurations had changed and would I just login to this site to reset them... Hmmm... maybe time to flick the SPF switch..
Cheers, Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html