
Attila Kinali writes:
This is just selective greylisting, which lots of sites use as a blanket policy.
It's definitely not greylisting. Our server sends out a few dozen mails a day on the low traffic lists to a few hundred on the high traffic ones. Any greylisting that is halfway sanely implemented should know after the second mail that the server is a legitimate sender.
Well, maybe. That is harder than it sounds to scale, though. The problem is that Yahoo has a lot of MXes, each handling hundreds of thousands or millions of messages per day, and they're going to need to propagate the greylist database to all of them somehow. It's a solvable problem, but nontrivial.
If you're using exim -qff, you also may be running into a problem of hammering on their MXes too frequently; many greylisting algorithms don't like that.
BTW, do you think they're lying about the user complaints?
I'd rather say [Yahoo] have no clue at all.
The problem that Yahoo faces is that not only is their hardware distributed, so is their wetware. It's a lot easier for one person to handle a few clues about the easy problems that one person can handle than for an organization to deal with many clues about the much harder problems of scaling to Yahoo size.
I don't know whether I should do domain keys. So far it was never a problem that we got tagged as spammers; it might be worth it if more ISPs start to filter based on these. PGP is definitely not an option. We send out way over 100k mails per day over mailing lists (on some days it reaches even 200k mails/d). Signing all of them on the server would produce too much load.
Domain keys are per-message cryptographic signatures, too. And as for 200K mails per day, is that 200K *posts* per day, or more like 2000 posts per day going to 100 recipients each, or even better yet, 200 posts/day going to 1000 recipients each? And which would you rather do: save a few CPU cycles, or reliably get your mail through? Maybe the usual variants on PGP are too expensive, but something weaker will do until the spammers catch on, by which time you can hope that everybody has enough CPU, and so on.
I know that the conventional wisdom that signing mail is very expensive is well-justified, but on the other hand you have to remember that there's a difference between "very" and "too" expensive.
BTW, of course it turns out that Yahoo doesn't implement the standard that it sponsored (DKIM), but rather its own legacy variant. Why am I not surprised? :-( I don't know how compatible they are, either. :-( :-(
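
Added example, not part of the original thread and not any real MTA's or Yahoo's code: a minimal triplet greylist showing the two behaviours argued about above, namely that retries arriving before the minimum delay stay deferred and that a sender is trusted after a couple of passed deliveries, but only on the MX that holds that state. The delay, the whitelist threshold, and all addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300       # assumed: seconds a new triplet must wait before a retry passes
AUTO_WHITELIST = 2    # assumed: passed deliveries before a client IP is trusted


@dataclass
class Greylist:
    """State held by ONE receiving MX; nothing here is shared between MXes."""
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # client IP -> passed deliveries

    def check(self, now, ip, sender, rcpt):
        """Return 'accept' or 'defer' (a temporary 4xx reply) for one RCPT."""
        if self.passed.get(ip, 0) >= AUTO_WHITELIST:
            return "accept"                 # known sender, no further delay
        triplet = (ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < MIN_DELAY:
            return "defer"                  # first attempt, or retry came too soon
        self.passed[ip] = self.passed.get(ip, 0) + 1
        return "accept"


def replay(events, greylist=None):
    """Feed (time, ip, sender, rcpt) events to one MX and collect its verdicts."""
    gl = Greylist() if greylist is None else greylist
    return [gl.check(*event) for event in events]


# Constructed sample traffic from one list server (documentation addresses).
SERVER = "192.0.2.10"
BOUNCE = "list-bounces@example.org"
EVENTS = [
    (0,    SERVER, BOUNCE, "a@example.com"),   # new triplet
    (60,   SERVER, BOUNCE, "a@example.com"),   # aggressive queue run, too soon
    (120,  SERVER, BOUNCE, "a@example.com"),   # still too soon
    (600,  SERVER, BOUNCE, "a@example.com"),   # past MIN_DELAY, first pass
    (700,  SERVER, BOUNCE, "b@example.com"),   # new triplet, IP not yet trusted
    (1100, SERVER, BOUNCE, "b@example.com"),   # second pass, IP now trusted
    (1200, SERVER, BOUNCE, "c@example.com"),   # accepted on first attempt
]

if __name__ == "__main__":
    mx1 = Greylist()
    print("mx1:", replay(EVENTS, mx1))
    # A second MX with no copy of mx1's state defers the same server again.
    print("mx2:", replay(EVENTS[-1:], Greylist()))
```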