Christopher Roberts <cjr(a)tridentgarages.co.uk> said, in message
20140217110647.GE12544(a)bootpolish.net:
> That said, there are some disadvantages - there have been a couple of
> occasions when that 15 minute delay has caused problems, it isn't RFC
> compliant and I know some people consider grey listing to be evil.

AFAIK greylisting *is* RFC compliant. It's leveraging the standards
in a compliant manner to the disadvantage of non-compliant software
(i.e. spamware). RFC2821 says the following:

    The sender MUST delay retrying a particular destination after one
    attempt has failed. In general, the retry interval SHOULD be at
    least 30 minutes; however, more sophisticated and variable strategies
    will be beneficial when the SMTP client can determine the reason for
    non-delivery.

    Retries continue until the message is transmitted or the sender gives
    up; the give-up time generally needs to be at least 4-5 days. The
    parameters to the retry algorithm MUST be configurable.

So a 15 minute temporary deferral shouldn't cause any problem with any RFC
compliant sender.
When we used it in Aber, we stuck with a full hour long deferral on the
basis this might give spammers time to end up in RBLs etc. Complaints
were rare, but there's nothing stopping people using a 1 minute deferral
period to reduce the delay (modulo the remote end's retry policy).
Entertainingly, I see there's now an RFC describing greylisting:
http://tools.ietf.org/search/rfc6647
The biggest justifiable evilness of greylisting is in expecting other
sites to do more work in getting mail to you. To block that vast amount
of spam, you're forcing legitimate sites to expend effort queuing
and retrying messages. Personally, I hold very little truck with
that argument. First off, the whitelisting that is part of the
greylisting process means that the vast majority of legit mail
doesn't end up being deferred. Secondly the argument works both
ways. My mail server has to do extra work to deliver to a site
implementing greylisting. Both my server and the remote server
benefit from the arrangement. I'd imagine the overheads are
negligible for all but the largest senders on the planet and,
given they're in it for the cash, having them bear a small
amount of extra hardware and network cost isn't something
that's going to make me cry.
Cheers,
Alun.
--
Alun Jones, auj(a)aber.ac.uk, 01970 622494
Gwasanaethau Gwybodaeth / Information Services
Prifysgol Aberystwyth / Aberystwyth University
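
Added example (not part of the original message, and not any mail server's own code): a minimal Python model of the greylisting behaviour discussed above, showing how the receiver's deferral period interacts with the sender's retry schedule and with whitelisting. The triplet key (client IP, envelope sender, envelope recipient), the addresses and the retry schedules are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    defer_secs: int                                  # minimum age of a triplet before a retry is accepted
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt (seconds)
    whitelist: set = field(default_factory=set)      # triplets that have retried correctly

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code the receiver gives at time `now` (seconds)."""
        triplet = (ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.whitelist:
            return 250                               # already proven to retry: no deferral
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen >= self.defer_secs:
            self.whitelist.add(triplet)
            return 250
        return 451                                   # temporary failure: a compliant MTA queues and retries


def delivery_delay(defer_secs, retry_schedule, give_up_secs=5 * 86400):
    """Seconds until the message is first accepted, for a sender that retries
    at the given offsets after its first attempt. Returns None if the sender
    never retries late enough or gives up first."""
    gl = Greylist(defer_secs)
    for t in [0] + list(retry_schedule):
        if t > give_up_secs:
            break
        # Constructed sample triplet (documentation address ranges).
        if gl.check("192.0.2.10", "alice@example.org", "bob@example.net", t) == 250:
            return t
    return None


if __name__ == "__main__":
    compliant = [1800, 3600, 5400]   # constructed: sender retrying every 30 minutes
    no_retry = []                    # constructed: sender that never retries
    for defer in (60, 900, 3600):
        print(f"defer={defer:>4}s  compliant sender delayed {delivery_delay(defer, compliant)}s, "
              f"non-retrying sender: {delivery_delay(defer, no_retry)}")
```

With a sender that retries every 30 minutes, a 1 minute and a 15 minute deferral both produce the same 30 minute delay, which is the "modulo the remote end's retry policy" point made above.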