[sclug] yahoo and greylisting

David Given dg at cowlark.com
Thu Jan 19 23:50:48 UTC 2006


On Thursday 19 January 2006 23:29, John Stumbles wrote:
[...]
> How do you mean 'email probing'? And what RFC?
> And wtf's greylisting (while I'm showing off my hignorance? :-)

A greylister is a way of implementing hashcash by exploiting some of the 
features of the SMTP service.

Hashcash is a way of ensuring that people *really* want to send you email by 
making the sender do some work. Traditionally this is done by making them do 
something computationally expensive, such as factoring big numbers. The idea 
is that because sending mail now requires work, people will be much less 
inclined to send vast amounts of mail on-spec --- i.e., spam.

Greylisting works by using SMTP to force the sender to keep the message on 
their system for a certain amount of time --- the expense here is (a small 
amount of) memory, rather than CPU time. The first time a new sender tries to 
give a message to the greylister, the greylister sends back an SMTP message 
saying "message refused --- but try again later and I may accept it". The 
sender has to store the message, which uses disk space, and then after an 
interval retries. The second time the greylister sees the message, it accepts 
it. The advantage of this approach is that because this is using a perfectly 
legal SMTP mechanism, all SMTP servers are compatible.

(Most spam software doesn't implement SMTP servers, instead implementing the 
bare minimum they need to spew spam all over the place. These servers will 
ignore the retry mechanism.)

Greylisting is great as a first stage spam filter because (a) it's cheap, (b) 
it's reliable with very few false positives (other than Yahoo Groups), and 
(c) it blocks the spam *before you even receive it*, which means it never has 
to get transferred to your machine, which means you never have to pay for the 
bandwidth.

Yahoo breaks the rules. When you try to subscribe to a Yahoo Groups list, it 
tries to send a dummy message to the specified address, as a way of verifying 
that the address exists. This is fine, except when my greylister refuses the 
message, Yahoo's servers don't try again and assume the address is invalid. 
This is illegal and violates the SMTP standard, which is defined in a 
document called RFC2821: http://www.ietf.org/rfc/rfc2821.txt

Hopefully that's informative without being too lecturing...

> > (Can I plug my greylister now?)
>
> [hands on hips] <sigh!> allll-right, I suppose so ...

Yay!

spey, available at http://spey.sf.net, is an SMTP proxy designed to plug in 
upstream of your SMTP server to add cheap-and-easy greylisting abilities to 
your existing SMTP server. It's small, efficient, portable, and scales well. 
It's only useful if you run a public-facing SMTP server, and is not suitable 
for POP or IMAP users.

-- 
+- David Given --McQ-+ "There is no expedient to which a man will not
|  dg at cowlark.com    | resort to avoid the real labour of thinking." ---
| (dg at tao-group.com) | Thomas Edison
+- www.cowlark.com --+ 
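
The refuse-then-accept-on-retry behaviour described in the message above, as an added example that is not part of the original post and is not spey's code. Keying on the (client IP, envelope sender, recipient) triplet, the 451 reply, the 300-second minimum delay, the 4-hour retry window and the addresses are all assumptions made for illustration.

```python
import time

class Greylister:
    """Minimal in-memory greylisting policy (illustrative, not spey's code)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay        # assumed: seconds a sender must wait before a retry counts
        self.retry_window = retry_window  # assumed: how long a pending first attempt stays valid
        self.clock = clock
        self.first_seen = {}              # triplet -> time of first refused attempt
        self.passed = set()               # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the (code, text) SMTP reply for one delivery attempt."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        if key in self.passed:
            return 250, "OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            # New (or expired) sender: temporary refusal, so a real MTA queues and retries.
            self.first_seen[key] = now
            return 451, "Greylisted, please try again later"
        if now - first < self.min_delay:
            # Retried without really queueing the message: still refused.
            return 451, "Greylisted, please try again later"
        self.passed.add(key)
        del self.first_seen[key]
        return 250, "OK"


def simulate(attempt_times, **kwargs):
    """Replay attempts at the given times (seconds) for one constructed sender."""
    t = [0]
    g = Greylister(clock=lambda: t[0], **kwargs)
    codes = []
    for when in attempt_times:
        t[0] = when
        # Constructed sample triplet (documentation IP range and example domains).
        codes.append(g.check("192.0.2.10", "list@example.org", "user@example.net")[0])
    return codes


if __name__ == "__main__":
    print("real MTA, retries after 15 min:", simulate([0, 900]))
    print("sender that never retries:     ", simulate([0]))
    print("hammering without queueing:    ", simulate([0, 5, 10]))
```

The second case is the Yahoo Groups situation from the message: a single attempt only ever sees the temporary refusal, so a sender that treats it as permanent never gets through.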