A plea for greylisting, or: One greylist to rule them all

Posted on: Wed, 09 Sep 2009 03:38 By: patrick

Yesterday I finally had enough! The spam situation had escalated to such a painful level that, even though I had long tried to avoid it, at last I made the decision to configure my system to use greylisting. Using the Debian package greylistd and studying this excellent HOWTO, I was able to whip up a suitable configuration for my MTA (Exim) in a very short time. After a few manual tests I let the experiment go live, and waited...

Before I write about the result of the experiment, I would like to go back in time for a bit (aka "to make a short story long" :-). I have owned and operated the domain herzbube.ch for quite a few years now. I have always been liberal in my use of my primary email address, so nowadays spammers that harvest email addresses will find my traces sprinkled over the Internt in bugtrackers, mailing lists, the occasional forum, and other places. One notable example is the list of OIDs assigned by IANA to private enterprises: The email address I used for registering an OID appears on this list, and it has become one hell of a spam attractor :-)

Despite my liberalness, I can still remember a time when herzbube.ch collected only around 100 spam messages a day. At the time I thought this was a lot, but I was - more or less - happy with the status quo because I was blessed with SpamAssassin, a spam-recognition tool which faithfully sorted out the trash, so that my only duty was to have an occasional quick look at everything in order to make sure that there were no false positives. Unfortunately things did not stay calm...

Over the years, the spam rate increased... and increased... and increased. In mid-2008 I was receiving around 600 spam messages per day, had long since given up on checking for false positives, and was feeling acutely uncomfortable using email. Around this time I started to keep a record of my Spam statistics. I felt relief when McColo was taken off the net, but soon the heat started rising again.

In April this year (2009) things really got out of hand. Spam levels surged and all of a sudden I faced an incredible 1000-1200 spam messages per day. Even though SpamAssassin was still diligently doing its work (95-97% hit rate), the tool was not infallible, and the sheer numbers made sure that every single day 30-60 spam messages went unrecognized. My inbox had become a trashcan that needed careful emptying before I could do anything useful with it. I felt besieged: I couldn't just ignore the problem, or my inbox would rapidly fill up with trash, yet cleaning out and training the SpamAssassin filter seemed a truly Sysyphean task without hope of improving the situation.

So this was the point where I had arrived at yesterday, and which made me consider using greylisting. Certainly this story of mine is not news: It is well known how the spam problem threatens to overwhelm the very medium on which it relies. Still, in telling my story I hope to explain how the growing weight of spam has become oppressive enough to make me use greylisting. For I have not been a fan of the technique; to the contrary, as I already mentioned at the beginning of this story, I had long tried to avoid using it. There were several reasons for my reluctance:

  • As Wikipedia aptly puts it: "it [greylisting] destroys the near-instantaneous nature of email people have come to expect".
  • Also I felt (and still feel) that greylisting puts an additional burden on mail servers and network communication, which in my opinion should be avoided by responsible and well-behaved netizens.
  • Last but not least I had a vague fear of losing legitimate messages due to either mis-configuration on my part, or not-so-well-behaved but legitimate senders.

Setting all of these doubts and fears aside, I have now run the greylisting experiment for one day, and even after only such a short time I must conclude that the experiment has been a complete success. During these past 24 hours I have received a mere 120 spam messages (5 of which made it past SpamAssassin into my inbox), which means that, compared to the previous 1200 spam messages per day, the spam rate has dropped by a whopping 90%!!! This result is beyond my wildest dreams, and I guess it is understandable that I plan to continue using greylisting for the next few decades :-)

So I have become a convert. It has become clear to me that, ultimately, greylisting causes much less grief and pain than the spam problem it alleviates. I have titled this story "A plea for greylisting" because, after my experiences, I recommend to everybody who runs a mail server: Don't wait until your spam problem gets out of hand, use greylisting now!

Topics

Add new comment

The content of this field is kept private and will not be shown publicly.

Filtered HTML

  • Allowed HTML tags: <h1> <pre> <br> <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type='1 A I'> <li> <dl> <dt> <dd> <h2 id='jump-*'> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.