Spam blocking with greylisting
The core idea of the greylisting technique has been around for a while. It relies on the fact that most spammers do not bother to track and retry deliveries which are declined by the receiving system with a temporary failure status. Real mail systems will retry the message later on, until they run out of patience. Spammers just forget about it and move on. So an effective way of blocking a large percentage of incoming spam is to simply refuse mail from new sources with a temporary failure on the first delivery attempt. Real mail will eventually show up again, and be delivered with a small delay. Most spam will never return.
The greylisting technique uses a slightly finer-grained approach. It creates a three-entry tuple out of the originating address, the sender, and the recipient of the message. If the tuple is new, the mail is refused for a configurable period of time. The use of the three-way tuple helps prevent spam from slipping in by using false sender addresses.
The obvious workaround, from a spammer's point of view, is to add retrying for temporary failures to their code. Given the desire of the spam industry to pollute our mailboxes regardless of how hard we try to prevent that, the implementation of temporary failure retrying is only a matter of time. Of course, mail sent through open relays is generally retried anyway, so widespread use of greylisting could result in more use of open relays, and, perhaps, more attempts to compromise systems to turn them into unwilling relays.
As the author describes it, greylisting is meant to be used in conjunction
with other spam-blocking techniques, especially blackhole lists. The hope
is that, by the time the temporary failure interval has ended for a
particular spam source, that source will have found its way into the
blacklists and the message can be blocked permanently. This combination
could, indeed, prove hard for the spammers to get around.
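The triplet check described above, as an added Python sketch (not code from the article or from the greylisting author): the one-hour period, the 451 reply code, the class and function names, and the sample traffic are all assumptions made for illustration.

```python
import time

TEMPFAIL, ACCEPT = 451, 250   # SMTP replies: "try again later" / "OK"


class Greylist:
    """Greylist keyed on (originating address, sender, recipient)."""

    def __init__(self, delay=3600, clock=time.time):
        self.delay = delay       # refusal period in seconds (assumed: one hour)
        self.clock = clock       # injectable so the replay below is deterministic
        self.first_seen = {}     # triplet -> time of its first delivery attempt

    def check(self, client_ip, mail_from, rcpt_to):
        """Decide the reply to one RCPT TO from one connecting host."""
        triplet = (client_ip, mail_from, rcpt_to)
        now = self.clock()
        # A new triplet is recorded and refused; a known one keeps being
        # refused until the period has passed since its first attempt.
        first = self.first_seen.setdefault(triplet, now)
        return ACCEPT if now - first >= self.delay else TEMPFAIL


def replay(attempts, delay=3600):
    """Run (time, ip, sender, recipient) attempts through a fresh greylist."""
    now = [0]
    greylist = Greylist(delay, clock=lambda: now[0])
    replies = []
    for when, ip, sender, rcpt in attempts:
        now[0] = when
        replies.append(greylist.check(ip, sender, rcpt))
    return replies


# Constructed sample traffic (documentation addresses, times in seconds).
ATTEMPTS = [
    (0,    "192.0.2.10",  "alice@example.org", "bob@example.net"),  # real MTA
    (0,    "203.0.113.5", "x1@example.com",    "bob@example.net"),  # bulk sender
    (900,  "192.0.2.10",  "alice@example.org", "bob@example.net"),  # early retry
    (4000, "192.0.2.10",  "alice@example.org", "bob@example.net"),  # later retry
    (4000, "203.0.113.5", "x2@example.com",    "bob@example.net"),  # new false sender
]

if __name__ == "__main__":
    for attempt, reply in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(reply, *attempt)
```

The last attempt shows why the sender is part of the key: the same host returning with a different false sender address forms a new triplet and starts its refusal period over.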
Posted Jun 26, 2003 4:12 UTC (Thu)
by freemars (subscriber, #4235)
Greylisting used in connection with 'spamtrap' email addresses might work a bit better against persistent spammers. A highly simplified example:
Allow spammers to harvest 'spamtrap' email addresses, perhaps by adding them to a web page.
When mail arrives from an unknown computer it is refused for, say, 6 hours and the computer is added to the greylist. If the greylisted computer attempts to deliver mail to one of the 'spamtrap' addresses, the computer is moved from the greylist to the blacklist. If the unknown computer only attempts to deliver mail to real addresses it eventually moves from the greylist to the whitelist.
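Added example, not part of the comment above or of any greylisting implementation: a Python sketch of the greylist/blacklist/whitelist transitions that comment describes. The reply codes, the names, the sample events, and the handling of a whitelisted host that later hits a spamtrap (refused for that recipient, state unchanged) are assumptions; the comment does not cover that last case.

```python
GREY, BLACK, WHITE = "grey", "black", "white"


class SpamtrapGreylist:
    """Per-host greylist where a hit on a spamtrap address blacklists the host."""

    def __init__(self, spamtraps, delay=6 * 3600):
        self.spamtraps = set(spamtraps)
        self.delay = delay      # refusal period ("say, 6 hours")
        self.hosts = {}         # client IP -> [state, time first seen]

    def check(self, now, client_ip, rcpt_to):
        """Return the SMTP reply code for one delivery attempt."""
        # An unknown host is added to the greylist on its first attempt.
        entry = self.hosts.setdefault(client_ip, [GREY, now])
        trap = rcpt_to in self.spamtraps
        if entry[0] == GREY and trap:
            entry[0] = BLACK    # greylisted host touched a spamtrap
        elif entry[0] == GREY and now - entry[1] >= self.delay:
            entry[0] = WHITE    # waited out the period, real addresses only
        if entry[0] == BLACK:
            return 554          # permanent refusal
        if entry[0] == GREY:
            return 451          # temporary failure, retry later
        # Whitelisted host: assumption, refuse only the spamtrap recipient.
        return 550 if trap else 250


def run(events, spamtraps):
    """Replay (time, ip, recipient) events; return replies and final states."""
    greylist = SpamtrapGreylist(spamtraps)
    replies = [greylist.check(*event) for event in events]
    return replies, {ip: entry[0] for ip, entry in greylist.hosts.items()}


# Constructed sample events (documentation addresses, times in seconds).
TRAPS = {"trap@example.net"}
EVENTS = [
    (0,     "203.0.113.5", "bob@example.net"),   # harvested list, real address
    (5,     "203.0.113.5", "trap@example.net"),  # same run reaches the spamtrap
    (10,    "192.0.2.10",  "bob@example.net"),   # real MTA, first attempt
    (22000, "192.0.2.10",  "bob@example.net"),   # retry after six hours
    (22000, "203.0.113.5", "bob@example.net"),   # retrying no longer helps
]

if __name__ == "__main__":
    print(run(EVENTS, TRAPS))
```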
Posted Jun 26, 2003 10:10 UTC (Thu)
by beejaybee (guest, #1581)
What's needed to fight spam are international treaties agreeing that unsolicited commercial mailings are unlawful and a universal acceptance that an alleged 'net criminal can be tried in his/her own state using evidence collected outside that state.
Posted Jun 27, 2003 16:48 UTC (Fri)
by giraffedata (guest, #1954)
But I don't want any law that says all unsolicited commercial mails are bad. I don't want legislators handling the tricky definition of unsolicited commercial mail. Neither unsolicited nor commercial are bad things. "Unwanted email" is what we're going for. The right solution would be to use the free market. The laws should say bulk mailers have to pay into a fund for every email, and the laws should provide the means to enforce the payments. This would make it impractical for someone to send a million emails when only 10 people will buy the product. But it allows properly targeted solicitation. Properly targeted means there is a significant chance that the recipient will want the product being sold, which means he profits from receiving the email.
Posted Jun 28, 2003 11:37 UTC (Sat)
by copsewood (subscriber, #199)
An area where the law could have useful impact would be by agreeing large fines and bounties obtainable by those bringing prosecutions and evidence anywhere the spammer is based against a non-controversial definition of the worst kind of spam, i.e. the kind deliberately using outgoing addresses involving domains belonging to innocent third parties (forged letterheads in other words). This is a form of criminal deception which prevents use of the reply button with a complaint being effective. By making this criminal deception very expensive it then becomes much easier to tune technological measures using origin blacklists against mass mailers who don't use confirmed opt-in list management methods or proper complaint handling.
Posted Jun 30, 2003 13:40 UTC (Mon)
by mwilck (subscriber, #1966)
What is so tricky about that? "Unsolicited" is absolutely clear - everything the recipient didn't ask for. "Commercial" shouldn't be so hard to define either.
The right solution would be to use the free market.
The solution you propose has nothing to do with the free market. It is just a different form of legislation. This can be compared very well to environmental legislation (instead of forbidding to dump waste, we assign a cost to it). This may or may not work better than a simple ban. In any case, the assigned cost is determined by legislation, not by the market.
"Proper targeting" requires you to have detailed knowledge about the recipient's interests (in your words, to know what sort of unsolicited commercial email the recipient would not consider "unwanted"). If that knowledge comes from person himself signing up to your newsletter - fine, it's not unsolicited, it's not spam. Otherwise, you could hardly have gathered that knowledge by legal means, at least not in Europe, because such information is considered private and confidential - you cannot have it unless the person himself has given it to you.
Posted Jul 3, 2003 20:54 UTC (Thu)
by khim (subscriber, #9252)
"Unsolicited" is absolutely clear - everything the recipient didn't ask for. And that's exactly why it's so hard to define. This assumes you know what you asked for. When you are visiting a web site and it's asking you "Do you want to get our offers daily by e-mail?" and then when you refuse it asks you the same "Are you really sure you want to avoid getting our offers?" it's easy to click Yes or No two times and "ask" for mail. Other thing: what about bug reports or help requests? I sometimes get requests for help from some people I never knew - they just happen to have the same problems with mars_nwe and/or SONY VAIO. I'm pretty sure I never asked for such mail but it can hardly be named "spam". So everything is far from a black/white picture...
Posted Jun 26, 2003 10:27 UTC (Thu)
by sjlyall (guest, #4151)
I run a mail system for a medium sized ISP and if there is a problem causing mail delays people quickly notice and either complain or become frustrated. I think that a system where a large percentage of email is delayed for up to an hour will be unacceptable for many people.
Posted Jun 27, 2003 18:34 UTC (Fri)
by ksmathers (guest, #2353)
Posted Jun 28, 2003 2:07 UTC (Sat)
by macfisherman (guest, #6018)
Posted Jul 3, 2003 20:56 UTC (Thu)
by khim (subscriber, #9252)
Posted Jun 27, 2003 15:07 UTC (Fri)
by copsewood (subscriber, #199)
As I didn't have control over the MTA receiving mail for
my domain which I subsequently pick up using POP3, I developed a program
which tags spams using the DNS blacklists at a later stage.
I found my tagspam program on its own can catch about 80%. So I
combined this approach with SpamAssassin as 80% wasn't good
enough. However, the ones that get through tagspam mostly
get caught by SpamAssassin, which on its own also gets about
80%. Fortunately the combination of tagspam and SpamAssassin
seems currently to be getting about 98% (49 out of 50) which
I consider to be fairly good.
Posted Jun 27, 2003 17:31 UTC (Fri)
by madmakis (guest, #1030)
Problem - all the extra retries might cause some mail relays to collapse. Especially once the spammers cotton on & begin retrying themselves - after all most of the stuff is undeliverable (sent to non-existent addresses).
I agree that treaties and other laws are needed; technology just won't solve the problem.
Yes having a microtransaction supported mail system could be very useful, but this goes way beyond SMTP - more a new kind of messaging service altogether. Introducing microtransactions is very difficult, partly due to the psychological preference people seem to have for unmetered but known fixed monthly bills. When microtransactions become a reality, in my understanding this is likely to be based on a similar model to the highly decentralised one I am researching.
I don't want legislators handling the tricky definition of unsolicited commercial mail
One problem with this approach is that in this day and age people expect their email to go through in just a few seconds. I'll often be on the phone and I'll email someone a document and then we'll discuss it a few seconds later, many other people are used to doing similar.
IM works better for that kind of collaboration. E-mail can be delayed for a whole variety of reasons.
Email is a store and forward technology, not an instant message system.
It does not matter. People are using it as IM technology and they will not stop doing so if you say it's not - they will just switch ISP...
I don't know how well this approach will work, at the moment it's at the
same status Bayesian filtering had a couple of years ago.
This is a very, very fast moving target, so research of this kind
is very welcome.
I run the mail system for a medium-sized business and am sure that such delays
would cause real complaints from our users.
On the other hand, it seems to me that the objective in Greylisting is simply to
establish that we're dealing with a real SMTP compliant MTA. So if I can put
together a list of MTAs known to me and whitelist that beforehand, then
automatically and permanently add new validated entries to the Greylist's whitelist
of MTAs, we would see neither the collapse of mail relays nor more than "1st time
seen" delays for the rest of the mail.
I also don't see the need for the triplets. The sender and receiver addresses seem
redundant if we're just testing for MTAs. There are also quite a few not-so-compliant
MTAs out there.