Comment by daneel_w

In my experience running my own MX, greytrapping hasn't been an efficient countermeasure for well over 15 years at this point. Spammers have endless constitutional resources. The botnets they wield, too, are endless resources. It costs them not a dime to do everything by the book and keep retrying - and surely everyone (besides the author) must have noticed by now that they keep sending more and more spam instead of giving up for good. This reality itself is at odds with the ridiculous idea that delaying a malicious MX would somehow cause the operator to take a new career path.

But it costs us a lot to keep waiting forever for important and legitimate e-mail. Arguments like "twenty-four hours is short enough to not cause serious disruption of legitimate traffic" and "we already know that spam senders rarely use a fully compliant SMTP implementation to send their messages" are 20 years out of touch and completely void of connection with reality. They use OpenSMTPd, Dovecot and EXIM like everyone else. They have FCrDNS, SPF/DMARC records and a valid DKIM setup like everyone else. "I'll send you this important e-mail and hopefully it finds its way to you by tomorrow." ...Seriously? How many millions of repeated e-mails would such a baseline incur globally every month? "You didn't get it? But I mailed it already an hour ago. I'll try sending it again." Everything about the author's reasoning around greytrapping is long past expiry.