Email ???

[Ed Greshko]

James Wilkinson wrote:

> My point -- the standard recommends a retry interval of 30 minutes. That
> doesn't mean that a shorter interval doesn't follow the standard, merely
> that a longer retry period should be considered normal, according to the
> standard.

One could also say "a shorter retry period should be considered normal" as
well.  Better still, "it is normal that admins don't change the default
settings of a given MTA".  I think the use of the word "normal" requires a
definition of what is "normal".

> Your point -- in practice, few MTAs follow the recommendation in their
> default configuration.

In actuality, my point is that the RFC only makes a recommendation buy use
of the keyword SHOULD and not all MTA's follow the recommendations.

>> You said, "Retries may come from any of those computers" and this is an
>> incorrect statement.  While a major provider has many systems sending out
>> emails when an individual email is placed in the queue of a sending system
>> it stays in that system's queue.
> 
> You pointed out "SHOULD", I'll point out "MAY" in my statement. For many
> major senders, what you right is absolutely true. I maintain that it is
> not universally true, and there are some major exceptions.
> 
> I understand that a number of major senders (who have their own,
> custom-written SMTP engines) do resend from different servers. There is
> a fair amount of evidence to support this:
> 
> http://www.merakmailserver.com/forum/Greylisting_Bypass_Info/m_1441/tm.htm
> http://en.wikipedia.org/wiki/Greylisting makes this point.
> http://www.dataenter.co.at/doc/xwall_greylisting_exclusions.htm

Sorry, I don't consider those "evidence" since they are merely statements by
some individuals.  The wikipedia entry simply says "or if the retry comes
from a different IP address than the original attempt" but it doesn't offer
any proof that it does happen in reality.  Also, the section this comes from
has a disclaimer of " This does not cite its references or sources."

If you really want evidence, I'll send you my logs and you can see for yourself.

> I think we're pretty nearly saying the same thing -- the more
> greylisting is used, the greater the return on investment would be. If
> everyone used greylisting, then spambots would be worthless unless they
> learned to retry.

So, greylisting is a good thing to implement.

> It looks as though most e-mail providers who are likely to use
> greylisting already have it in place, and that most spammers either
> aren't collecting or analysing reject rates, or they reckon the extra
> complexity of retrying isn't worth the hassle.
> 
> But I am seeing some evidence that a few spammers are retrying even on
> 5xx permanent rejects (for example, identical e-mails, down to To: From:
> and Message-ID: fields, from the same IP address).

So, you are now making a case for a blacklist.  Yes?