Re: Decrease in Threats?

[Gene Rackow <rackow () mcs anl gov>]

Will Aoki made the following keystrokes:
> On Sun, Jan 29, 2006 at 12:15:13PM +1300, Bojan Zdrnja wrote:
> > Greylisting works OK at the moment as spammers have no need to go
> > around it. But, you can be sure that once greylisting reaches critical
> > level of deployment, spammers will go around it very easy (basically
> > they just have to modify their applications).
>
> Indeed, I believe that some spammers, accidentally or deliberately, have
> already done just that. Last summer, I saw pill-spammers sending
> multiple messages from the same source, with the same envelope, and to
> the same recipient over about a seven-minute period. This cut through my
> greylisting quite effectively until I increased the greylist delay.
>
> I haven't noticed any viruses yet that are effective at bypassing
> greylisting - I've only seen a few make it as far as my antivirus in the
> last few weeks. To get around greylisting, they'd need to dedicate space
> to keeping track of what sender they used for each recipient.
>
> If and when spammers and virus authors do start changing their methods,
> I predict the use of greylisting to buy time for spam- & virus-traps to
> feed a good old-fashioned blacklist.
>
> -- 
> William Aoki     KD7YAF    waoki () umnh utah edu    5-1924

I've been wondering about this a little as well.  What if greylisting
was given another parameter for "hits".  Instead of it being just a 
one shot at being "seen before" you include a count.  Now instead of
accepting the 2nd and further hits, you force it to the 3rd hit or more.

There would still be the time check for initial retries.


--Gene