Liviu Daia <[EMAIL PROTECTED]> writes: > Why should it? The second copy is sent in a separate run, that's > the whole point. The only thing the bot has to figure out is how long > to wait until the second run. A smart one would send a second copy > after 10 minutes, and a third one after, say, 35 minutes.
*BZZT!* Assuming facts not in evidence: a *smart* spambot /and/ a spammer who actually *cares* about the delivery of individual messages. >> Another delivery attempt would be needed after this time to pass >> spamd. Actually, the way it works is more like this: 1st try: 451 try again later * At this point, anywhere between 80%-97% of spammers just move on, there's millions more messages to spew out there, and other hosts which are way more receptive. 2nd try, after passtime: 451 try again later (spamd to self: oh, this one retried, better whitelist) * This is where we decide it has a chance to be non-trash, but we don't let on just yet 3rd try: now you talk to the real smtp daemon (if there is one) * They've passed the test. They may still be bastids, but at least they know some basic rules of conduct. > Moral: randomize the greylisting time... Random numbers can be fun, but I'd like to see real world data which support your theory. I'm beginning to think that this is another one of those 'I refuse to believe greylisting works because I refuse to understand it' episodes. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.