Thursday, July 15, 2004

Dealing with Spam - Greylists

Yet another anti-spam methodology is gathering momentum, so-called Grey Lists. This is a server-based method for dealing with spam that sounds intriguing. The basic idea is to block unrecognized mail for a short period with a temporary failure method. The premise being that typical spam tools don't deal with timeouts and temporary failures gracefully, they just blitz the internet with their evil content and terminate (fire-and-forget). Legitimate (but unrecognized) mail with still get through, as mail servers are designed to deal gracefully with temporary failures.

One obvious concern is that you'd be increasing the traffic on the internet by some degree, as you're asking all unrecognized mail to be sent twice. On the other hand, the majority of your mail (I hope) is from people you know already (and would thus be on your white list - these would not be considered for grey listing).

Further articles can be found here and here.

Further to my recent post regarding simplified Challenge-Response systems in the ongoing battle against spam, one concern that has cropped up is when you register with internet sites and mailing lists - you typically get a confirmation e-mail to which you are expected to reply. I'm not sure how these would get through the Challenge Response system proposed.

0 Comments:

Post a Comment

<< Home