On Thu, 30 Nov 2012, John Levine wrote:
Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in
case of "yahoo like" spam sources?
No. A remarkable fraction of ratware still doesn't bother to retry,
so the most simple minded greylister will deter them. That's why it's
useful. I've never seen any support for the theory that greylisting
delays make it more likely that the host will be blacklisted when it
retries.
It's not so much the host being blacklisted, as a checksum of the spam
being published by pyzor et. al., or for spamvertised websites in the spam
being published by URIBLs, so that when the sender tries again the score
for that message will be higher than it would the first time around,
hopefully high enough to classify it as spam rather than a FN.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
26 days until Christmas
