Josh Welch wrote: > Either you misunderstand what greylisting is, or I was doing something > revolutionary, probably not the revolutionary part. > > When I was greylisting it worked by giving a 4XX "try back later" > message to any from address, domain and IP Address combination which > was not listed in the database. This would result in any standard mail > server queueing the mail for delivery later, at which point the > greylisting server would allow the mail delivery. Many/most spam > operations won't bother queuing mail for later delivery, and you will > never see a particular from address, domain, and IP Address combination > from them again becuase they forge the from address. > > The biggest issue in this scenario for a very high volume operation > with a lot of unique senders is scaling the database. For medium volume > operations it can be quite effective. > > Josh > > D'Oh! And I knew that too. Grey listing is a good thing. Having the sender (most likely a zombie) manage a retry is very effective. Most zombie setups are not smart enough to retry and those that are, typically via a smarthost, get identified as a spammer before you get to see them. Grey listing is a good thing. The "Hello? Are you a human?" confirmation messages are EVIL! Chris