Josh Welch wrote:
> Either you misunderstand what greylisting is, or I was doing something 
> revolutionary, probably not the revolutionary part.
>
> When I was greylisting it worked by giving a 4XX "try back later" 
> message to any from address, domain and IP Address combination which 
> was not listed in the database. This would result in any standard mail 
> server queueing the mail for delivery later, at which point the 
> greylisting server would allow the mail delivery. Many/most spam 
> operations won't bother queuing mail for later delivery, and you will 
> never see a particular from address, domain, and IP Address combination 
> from them again becuase they forge the from address.
>
> The biggest issue in this scenario for a very high volume operation 
> with a lot of unique senders is scaling the database. For medium volume 
> operations it can be quite effective.
>
> Josh
>
>   
D'Oh!  And I knew that too.  Grey listing is a good thing.  Having the
sender (most likely a zombie) manage a retry is very effective.  Most
zombie setups are not smart enough to retry and those that are,
typically via a smarthost, get identified as a spammer before you get to
see them.

Grey listing is a good thing.  The "Hello?  Are you a human?"
confirmation messages are EVIL! 

Chris