[SECURITY-L] The Next Step in the Spam Control War: Greylisting

Daniela Regina Barbetti Silva daniela at ccuec.unicamp.br
Tue Jun 24 09:06:49 -03 2003


----- Forwarded message from Rafael R Obelheiro <rro at das.ufsc.br> -----

From: Rafael R Obelheiro <rro at das.ufsc.br>
Subject: [S] The Next Step in the Spam Control War: Greylisting
To: seguranca at pangeia.com.br
Date: Fri, 20 Jun 2003 22:15:48 -0300

[http://projects.puremagic.com/greylisting/]

The Next Step in the Spam Control War: Greylisting
By Evan Harris

Copyright 2003, all rights reserved.

Introduction

This paper proposes a new and currently very effective method of
enhancing the abilities of mail systems to limit the amount of spam
that they receive and deliver to their users. For the purposes of this
paper, we will call this new method "Greylisting". The reason for
choosing this name should become obvious as we progress.

Greylisting has been designed from the start to satisfy certain
criteria:

  1. Have minimal impact on users
  2. Limit spammers' ability to circumvent the blocking
  3. Require minimal maintenance at both the user and administrator
     level

User-level spam blocking, while somewhat effective, has a few key
drawbacks that make its use in the continuing spam war undesirable. A
few of these are:

  1. It provides no notice to the senders of legitimate email that is
     falsely identified as spam.
  2. It places most of the costs of processing the spam on the
     receiver's side rather than the spammer's side.
  3. It provides no real disincentive to spammers to stop wasting our
     time and resources.

As a result, Greylisting is designed to be implemented at the MTA
level, where we can cause the spammers the most amount of grief.

For the purposes of evaluating and testing Greylisting, an example
implementation has been written of a filter that runs at the MTA
(Message Transfer Agent) level. The source for this example
implementation is available as a link below, and as other
implementations or additional utility code become available, they will
also be linked.

Greylisting has been tested on a few small scale mail hosts (less than
100 users, though with a fairly diverse set of senders from all over
the world, and volumes over 10,000 email attempts a day), however it
is designed to be scalable, as well as low impact to both
administrators and users, and should be acceptable for use on a wide
range of systems, including those of very large scale. Of course,
performance issues are very dependent on implementation details.

The Greylisting method proposed in this paper is a complementary
method to other existing and yet-to-be-designed spam control systems,
and is not intended as a replacement for those other methods. In fact,
it is expected that spammers will eventually try to minimise the
effectiveness of this method of blocking, and Greylisting is designed
to limit options available to the spammer when attempting to do so.

The great thing about Greylisting is that the only methods of
circumventing it will only make other spam control techniques just
that much more effective (primarily DNS and other methods of
blacklisting based on IP address) even after this adaptation by the
spammers has occurred.

[...]


----- End forwarded message -----


