A quick explanation: “Greytrapping as implemented in spamd puts offenders in a temporary blacklist, dubbed spamd-greytrap, for 24 hours. Twenty-four hours is short enough to not cause serious disruption of legitimate traffic, since real SMTP implementations will keep trying to deliver for a few days at least.”
How does it work? (From another article linked in this post):
“We already know that spam senders rarely use a fully compliant SMTP implementation to send their messages. That's why greylisting works. Also, as we noted earlier, not only do spammers send large numbers of messages, they rarely check that the addresses they feed to their hijacked machines are actually deliverable. Combine these facts, and you see that if a greylisted machine tries to send a message to an invalid address in your domain, there is a significant probability that the message is a spam, or for that matter, malware.”
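To make the quoted mechanism concrete, here is a small Python model of the greylist-plus-greytrap decision (an added illustration, not code from spamd or from either linked article). The 24-hour trap lifetime comes from the quoted text; the 25-minute retry delay, the 4-hour retry window and the sample addresses are assumed for the example.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 25 * 60    # assumed: a retry counts only after this many seconds
GREYLIST_WINDOW = 4 * 3600  # assumed: a retry later than this starts over
TRAP_DURATION = 24 * 3600   # from the quoted article: spamd-greytrap lasts 24 hours


@dataclass
class GreyState:
    """Per-MX state for greylisting and greytrapping; times are epoch seconds."""
    valid_recipients: set
    first_seen: dict = field(default_factory=dict)  # (ip, from, to) -> first attempt
    whitelist: dict = field(default_factory=dict)   # ip -> time it was whitelisted
    trapped: dict = field(default_factory=dict)     # ip -> time the trap expires

    def decide(self, now, ip, sender, rcpt):
        """Return 'ACCEPT', 'GREY' (temporary 4xx) or 'TRAP' (blacklisted 4xx)."""
        # A trapped host keeps getting temporary failures until its 24 hours pass.
        if ip in self.trapped:
            if now < self.trapped[ip]:
                return "TRAP"
            del self.trapped[ip]
        # Hosts that already completed a greylist retry are trusted.
        if ip in self.whitelist:
            return "ACCEPT"
        # Greytrapping: an unknown host delivering to an address that does not
        # exist in our domain is treated as a spam source and blacklisted.
        if rcpt not in self.valid_recipients:
            self.trapped[ip] = now + TRAP_DURATION
            return "TRAP"
        # Greylisting: the first attempt is deferred; a compliant MTA retries.
        key = (ip, sender, rcpt)
        first = self.first_seen.get(key)
        if first is None:
            self.first_seen[key] = now
            return "GREY"
        age = now - first
        if age < GREYLIST_DELAY:
            return "GREY"           # retried too soon, keep deferring
        if age > GREYLIST_WINDOW:
            self.first_seen[key] = now
            return "GREY"           # entry expired, start the cycle again
        del self.first_seen[key]
        self.whitelist[ip] = now    # a patient, well-behaved sender passes
        return "ACCEPT"
```

The model shows the trade-off the thread argues about: a legitimate sender that hits a stale or mistyped address before it is whitelisted is deferred for a full day, exactly like a bot.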
OT: This site has another recent article I found even more interesting:
A Major Mail Provider Demonstrate They Likely Do Not Understand Mail At All https://nxdomain.no/~peter/they_do_not_understand_mail_at_al...
Gotta love the email self-hoster holdouts, mad props and respect.
The linked article up top makes much more sense after reading the one you've linked! I had felt like I was getting a fascinating peek into a strange little corner of the internet I did not understand, but now I think I understand what the author was getting at.
In my experience running my own MX, greytrapping hasn't been an efficient countermeasure for well over 15 years at this point. Spammers have endless constitutional resources. The botnets they wield, too, are endless resources. It costs them not a dime to do everything by the book and keep retrying - and surely everyone (besides the author) must have noticed by now that they keep sending more and more spam instead of giving up for good. This reality itself is at odds with the ridiculous idea that delaying a malicious MX would somehow cause the operator to take a new career path.
But it costs us a lot to keep waiting forever for important and legitimate e-mail. Arguments like "twenty-four hours is short enough to not cause serious disruption of legitimate traffic" and "we already know that spam senders rarely use a fully compliant SMTP implementation to send their messages" are 20 years out of touch and completely void of connection with reality. They use OpenSMTPd, Dovecot and EXIM like everyone else. They have FCrDNS, SPF/DMARC records and a valid DKIM setup like everyone else. "I'll send you this important e-mail and hopefully it finds its way to you by tomorrow." ...Seriously? How many millions of repeated e-mails would such a baseline incur globally every month? "You didn't get it? But I mailed it already an hour ago. I'll try sending it again." Everything about the author's reasoning around greytrapping is long past expiry.
> Arguments like "twenty-four hours is short enough to not cause serious disruption of legitimate traffic" and "we already know that spam senders rarely use a fully compliant SMTP implementation to send their messages" are 20 years out of touch and completely void of connection with reality.
Just recently I found out a very prominent local service's recovery emails are not delivered to the end-user mailbox.
Reason? The email doesn't have a Message-ID. Like, it gets generated, sent out, "my" PMG box receives it... and throws it out because there is no Message-ID. Insult to injury? It was password recovery emails. Regular marketing ones are going through.