Re: [Asrg] Too Big to Block?

[Dotzero <dotzero at gmail.com>]

On Wed, Jul 8, 2009 at 2:25 PM, Chris Lewis<clewis at nortel.com> wrote:
> John Leslie wrote:
>
>>   More useful is something like, "Hotmail MTA #49 is sending more spam
>> than usual right now: more severe graylisting might be called for."
>
> What good does graylisting do to a real MTA?  Unless MTA #49 is sending you
> enough email that forcing it to requeue causes it problems, it won't do
> anything useful.
>
> We've tended to let our automated defenses "fire where they may".  If MTA
> #49 is sending us so much spam that the defenses fire, they fire, and we
> don't whitelist.
>

+1

I think whitelisting has value in forcing senders that want to reach
certain receivers to engage in certain practices. I don't know that
whitelisting buys (or should buy) a sender protection from their own
bad practices. I will add a caveat to what Chris says. Some receivers
do a really good job of tuning their automatic defenses. Others are
not so careful.

> If the problem gets bad enough, we block /24s worth.  With MSN and Yahoo,
> that turns out to work particularly well, because at least with Nigerian
> floods and their provisioning methods, specific /24s tend to be
> substantially worse than others.
>
> Then we make a big public & private noise.  And sometimes things get better.
>
>

Sometimes they do. I believe der mouse commented about the big ISPs
not caring. I think they do but are having to deal with aggressive
attacks abusing their systems. On the other hand, life isn't fair <G>.