"LISTSERV site administrators' forum" <[log in to unmask]> 
wrote on 09/13/2006 11:35:21 PM:

> You may want to consider greylisting, in combination with other 
spam-filtering
> tools. There are several variations, but the basic premise is that a 
message
> with a never-before-seen sender/source-IP/recipient triplet will be 
rejected
> with a 4xx error. If the sending system is a mail server, it will 
requeue the
> message and retry later, something that few, if any zombies will do. If 
the
> triplet reappears within a reasonable time frame, the message is 
> accepted. It is
> important to use the triplet, rather than just the sender/recipient 
> ocmbination,
> because you may see the same sender/recipient combination from 
> multiple systems
> in a zombie network.

Greylisting was a great step forward when it was developed 3 years ago. It 
continued to work effectively for about a year before the spammers learned 
that all they needed was a copy of sendmail (or qmail or any other 
standard MTA) for an outbound relay to defeat greylisting.

It still blocks some virii, but even most newer varients try to relay 
through the server configured in your mail client.