Thu, 14 Sep 2006 08:46:53 -0400
|
"LISTSERV site administrators' forum" <[log in to unmask]>
wrote on 09/13/2006 11:35:21 PM:
> You may want to consider greylisting, in combination with other
spam-filtering
> tools. There are several variations, but the basic premise is that a
message
> with a never-before-seen sender/source-IP/recipient triplet will be
rejected
> with a 4xx error. If the sending system is a mail server, it will
requeue the
> message and retry later, something that few, if any zombies will do. If
the
> triplet reappears within a reasonable time frame, the message is
> accepted. It is
> important to use the triplet, rather than just the sender/recipient
> ocmbination,
> because you may see the same sender/recipient combination from
> multiple systems
> in a zombie network.
Greylisting was a great step forward when it was developed 3 years ago. It
continued to work effectively for about a year before the spammers learned
that all they needed was a copy of sendmail (or qmail or any other
standard MTA) for an outbound relay to defeat greylisting.
It still blocks some virii, but even most newer varients try to relay
through the server configured in your mail client.
|
|
|