Re: spambots and dictionary attacks



On 2006-11-22 Kurt Seifried wrote:
Greylisting is a two-edged sword, though, that may not only cause
noticeable delays in mail delivery, but also legit mails to be
rejected.

Only for the first email if the greylisting system has any sense (i.e.
OpenBSD's spamd),

I'm not familiar with OpenBSD. How does its spamd work? Does it
whitelist hosts that have re-sent a greylisted mail?

plus most allow whitelisting.

You can only whitelist what you know about, so there's still the
possibility of legit mail being rejected.

Not to mention that it'll stop working as soon as it's being used
widely enough to make adjusting to it worthwhile to spammers.

Sure and then the hosts are behaving like real email servers which is
vastly more expensive (computationally/etc.) than just blasting stuff
out.

True. But since botnets are cheap: why would a spammer care?

Don't get me wrong: I'm not advocating against greylisting here (though
personally I prefer to avoid it), I'm just pointing out that it's not a
silver bullet.

Regards
Ansgar
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq