> Oh, I'm not saying it doesn't work. What I'm saying is, greylisting
> is trivial to bypass, and some spammers have figured that out.
> Amazingly, most of them still haven't, which is why it still works in a
> significant number of cases.
Just to give an additional data point here: I work for an ISP that
receives upwards of a million inbound SMTP connections per day.
While watching the connection logs, I've noticed that a large majority
of spammers get the first spamd response ("250 Hello, spam sender.
Pleased to be wasting your time.") and immediately disconnect. This
suggests to me that rather than spend time trying to get whitelisted
by spamd servers, they've mostly decided to skip them entirely and
move on to servers that aren't running spamd.
Spamd, by itself, filters out almost 90% of our inbound email. So far,
I've had just two false positives from mail servers that weren't
behaving correctly, that I had to whitelist manually.
We're running spamd with its defaults, for now.
spamd doesn't catch everything, but "it works" is a bit of an understatement.
We've also been hit by backscatter, and I haven't had the time to
figure out how to stop that one yet.
- R.
