Re: [Asrg] Greylisting BCP
Douglas Otis <dotis@mail-abuse.org> Wed, 19 October 2011 03:39 UTC
Return-Path: <dotis@mail-abuse.org>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59B811F0C87 for <asrg@ietfa.amsl.com>; Tue, 18 Oct 2011 20:39:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V9omfQp7CHBN for <asrg@ietfa.amsl.com>; Tue, 18 Oct 2011 20:39:15 -0700 (PDT)
Received: from SJDC-SDIRelay3.sdi.trendmicro.com (sjdc-sdirelay3.sdi.trendmicro.com [150.70.69.27]) by ietfa.amsl.com (Postfix) with ESMTP id DC5D71F0C86 for <asrg@irtf.org>; Tue, 18 Oct 2011 20:39:15 -0700 (PDT)
Received: from harry.mail-abuse.org (harry.mail-abuse.org [168.61.5.27]) by SJDC-SDIRelay3.sdi.trendmicro.com (Postfix) with ESMTP id 8DE436E012C for <asrg@irtf.org>; Wed, 19 Oct 2011 03:39:13 +0000 (UTC)
Received: from dhcp100.priv.bungi.com (gateway1.sjc.mail-abuse.org [168.61.5.81]) by harry.mail-abuse.org (Postfix) with ESMTP id 147B1A9443B for <asrg@irtf.org>; Wed, 19 Oct 2011 03:39:14 +0000 (UTC)
Message-ID: <4E9E4661.30205@mail-abuse.org>
Date: Tue, 18 Oct 2011 20:39:13 -0700
From: Douglas Otis <dotis@mail-abuse.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: asrg@irtf.org
References: <F5833273385BB34F99288B3648C4F06F19C6C14AC6@EXCH-C2.corp.cloudmark.com> <alpine.LFD.2.00.1110181539140.27058@nber7.nber.org>
In-Reply-To: <alpine.LFD.2.00.1110181539140.27058@nber7.nber.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [Asrg] Greylisting BCP
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2011 03:39:16 -0000
On 10/18/11 12:42 PM, Daniel Feenberg wrote: > > > On Tue, 18 Oct 2011, Murray S. Kucherawy wrote: > >> >> After some chatter inside MAAWG and on the ietf-smtp mailing list, >> I’ve started an >> outline for a BCP on the practice of greylisting. The main purpose is >> to explain >> what it is, discuss the pros and cons of its variants, and give some >> recommendations >> for implementation and configuration for a few example installations >> and policies. >> >> >> >> The draft (which is currently only an outline) is here: >> https://datatracker.ietf.org/doc/draft-kucherawy-greylisting-bcp/ >> >> >> >> Comments welcome. > > Where should comments go? I have a question really, though it might be > construed as a comment. Why do greylisters match on the (sender, > receipient, MTA) triple rather on just the MTA? Isn't it nearly > certain that if an MTA returns for one sender/receipient pair, it will > return for any pair? So that keeping track of all three seems > unnecessary and increases the probability of a message being delayed. > What am I missing? Grey listing challenges stateful processing of the sender to test an often erroneous assumption that bots sending spam don't maintain state. Thanks to grey listing, many bots retry against the same recipients, just not always with the same message. Heuristic methods are quickly defeated once deployed on enough systems. Defining practices for failing concepts seems misguided since such heuristics are likely to make other erroneous assumptions related to the nature of the outbound MTA. We employ temp errors to prioritize limited resources which may delay sources with lower reputations. When they are in the middle of some campaign, the delay may persist until their run completes. There would not be any way to predict how long that might take, nor would any hint likely affect the average bulk sender focused on completing their runs. We are about to publish a list that categorizes this type of behavior. I agree it would make more sense to focus on knowing which domain _controls_ the outbound MTA without umpteen additional transactions. With outbound MTA authentication, receivers would have a sure and robust basis for avoiding abusive transactions, where grey listing would be considered wasted efforts. -Doug
- [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Daniel Feenberg
- Re: [Asrg] Greylisting BCP Chris Lewis
- Re: [Asrg] Greylisting BCP Douglas Otis
- Re: [Asrg] Greylisting BCP Jose-Marcio Martins da Cruz
- Re: [Asrg] Greylisting BCP Martijn Grooten
- Re: [Asrg] Greylisting BCP Peter J. Holzer
- Re: [Asrg] Greylisting BCP Joe Sniderman
- Re: [Asrg] Greylisting BCP Martijn Grooten
- Re: [Asrg] Greylisting BCP Joe Sniderman
- Re: [Asrg] Greylisting BCP Jose-Marcio Martins da Cruz
- Re: [Asrg] Greylisting BCP Peter J. Holzer
- Re: [Asrg] Greylisting BCP Peter J. Holzer
- [Asrg] Microsoft takes over British Telecom t.petch
- Re: [Asrg] Microsoft takes over British Telecom Scott Howard
- Re: [Asrg] Microsoft takes over British Telecom Steve Atkins
- Re: [Asrg] Microsoft takes over British Telecom David Romerstein
- Re: [Asrg] Microsoft takes over British Telecom Steve Atkins
- Re: [Asrg] Microsoft takes over British Telecom Douglas Otis
- Re: [Asrg] Microsoft takes over British Telecom Seth
- Re: [Asrg] Microsoft takes over British Telecom t.petch
- Re: [Asrg] Microsoft takes over British Telecom Alessandro Vesely
- Re: [Asrg] Microsoft takes over British Telecom Steve Atkins
- Re: [Asrg] Microsoft takes over British Telecom Paul Smith
- Re: [Asrg] Microsoft takes over British Telecom Steve Atkins
- Re: [Asrg] Microsoft takes over British Telecom Paul Smith
- Re: [Asrg] Microsoft takes over British Telecom Steve Atkins
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Microsoft takes over British Telecom Alessandro Vesely
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Chris Lewis
- Re: [Asrg] Greylisting BCP Dave Warren
- Re: [Asrg] Greylisting BCP Jose-Marcio Martins da Cruz
- Re: [Asrg] Greylisting BCP Douglas Otis
- Re: [Asrg] Microsoft takes over British Telecom Douglas Otis
- Re: [Asrg] Greylisting BCP Jose-Marcio Martins da Cruz
- Re: [Asrg] Greylisting BCP Jose-Marcio Martins da Cruz
- Re: [Asrg] Greylisting BCP Paul Smith
- Re: [Asrg] Microsoft takes over British Telecom Alessandro Vesely
- Re: [Asrg] Microsoft takes over British Telecom Douglas Otis
- Re: [Asrg] Microsoft takes over British Telecom Paul Smith
- Re: [Asrg] Microsoft takes over British Telecom Paul Smith
- [Asrg] SPF and forwarding (was: Microsoft takes o… Peter J. Holzer
- [Asrg] Authorized forwarding, was Microsoft takes… Alessandro Vesely
- Re: [Asrg] Microsoft takes over British Telecom Douglas Otis
- [Asrg] MTA Authorization/Authentication John Leslie
- Re: [Asrg] MTA Authorization/Authentication Douglas Otis
- Re: [Asrg] Microsoft takes over British Telecom Paul Smith
- Re: [Asrg] Microsoft takes over British Telecom Bill Cole
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Greylisting BCP Murray S. Kucherawy
- Re: [Asrg] Microsoft takes over British Telecom Murray S. Kucherawy
- Re: [Asrg] Microsoft takes over British Telecom Alessandro Vesely