Re: spambots and dictionary attacks

On 2006-11-22 Kurt Seifried wrote:
Greylisting is a two-edged sword, though, that may not only cause
noticable delays in mail delivery, but also legit mails to be

Only for the first email if the greylisting system has any sense (i.e.
OpenBSD's spamd),

I'm not familiar with OpenBSD. How does its spamd work? Does it
whitelist hosts that have re-send a greylisted mail?

plus most allow whitelisting.

You can only whitelist what you know about, so there's still the
possibility of legit mail being rejected.

Not to mention that it'll stop working as soon as it's being used
widely enough to make adjusting to it worthwhile to spammers.

Sure and then the hosts are behaving like real email servers which is
vastly more expensive (computationally/etc.) than just blasting stuff

True. But since botnets are cheap: why would a spammer care?

Don't get me wrong: I'm not advocating against greylisting here (though
personally I prefer to avoid it), I'm just pointing out that it's not a
silver bullet.

"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq