On Thu, Nov 27, 2025 at 12:01:13AM +0000, Kyrian (List) via mailop wrote: > Folks, > > Time for a major change to spam handling for me. Possibly overdue. > > What's the consensus? In times where 2 factor authentication emails are > frequently completely pointless trying to go through greylisting where they > are delayed beyond their timeouts. But where spammers obviously still > persist. Is it still worth trying to greylist, or rely on other methods > instead? Is it the case where SMTP-time spam/virus scanning is a necessity > and greylisting should be removed? How do other folks on the list balance > out this conflict in their systems?
I've had a situation recently when I needed a password reset on a website I use infrequently, and only on the fourth or fifth try (resend one time code) did the message finally make it through. The reason? They were sending those messages from somewhere not in their SPF info. And of course the service they used to send those messages on their behalf were sending their retries from a random seletion of hosts in their outgoing pool. But sensibly configured senders will not be a problem, in my experience. If you're sufficiently bored or interested, my recent-ish greytrapping retrospective "Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? (https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html) might be worth your time. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://nxdomain.no/~peter/blogposts https://nostarch.com/book-of-pf-4th-edition "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
