
On 2/20/08, Attila Kinali wrote:
This is just selective greylisting, which lots of sites use as a blanket policy.
It's definitely not greylisting. Our server sends out a few dozen mails a day on the low traffic lists to a few hundred on the high traffic ones. Any greylisting that is halfway sanely implemented should know after the second mail that the server is a legitimate sender.
Yahoo! has demonstrated that they don't understand the greylisting concept anyway, so this is unlikely. They use a shared pool of outbound messages through all of their outbound mail servers, so you're pretty much guaranteed that the same message will never be touched by the same machine twice.
This ensures that their outbound mail will never be received by a site that implements a strict per-machine greylisting policy. Only a looser network-level greylisting policy will have any chance of working with Yahoo, and even then it won't work very well -- they just have too many outbound machines on too many different networks.
I don't know whether I should do domain keys. So far it was never a problem that we got tagged as spammers, it might be worth it if more ISPs start to filter based on these. PGP is definitely not an option. We send out way over 100k mails per day over mailing lists (on some days it reaches even 200k mails/d). Signing all of them on the server would produce too much load.
This is the fundamental problem with creating or verifying all crypto signatures of all mail passing through a server. You've got a really nice self-DDoS attack there, created for us by the nice authors of the DomainKeys and DKIM proposals.
This has been tried before, and failed, for the same reason. Do some Googling on the term "pgpsendmail".
-- 
Brad Knowles <brad@shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
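The greylisting behaviour discussed in this message, as an added example that is not part of the original post: a minimal greylist keyed on (source, sender, recipient), run once with a per-machine key and once with a network-level key against a sender that retries from a shared pool. The class and function names, the 300-second delay, the 900-second retry interval and the /24 grouping are assumptions chosen for illustration; the addresses are constructed from the RFC 5737 documentation ranges.

```python
import ipaddress


class Greylist:
    """Defer the first sight of a (source, sender, rcpt) triplet; accept a later retry."""

    def __init__(self, prefix_len=32, min_delay=300):
        self.prefix_len = prefix_len   # 32 = per-machine key, 24 = network-level key
        self.min_delay = min_delay     # seconds a triplet must age before acceptance
        self.first_seen = {}

    def _key(self, ip, sender, rcpt):
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, ip, sender, rcpt, now):
        first = self.first_seen.setdefault(self._key(ip, sender, rcpt), now)
        return "accept" if now - first >= self.min_delay else "defer"


def attempts_until_accepted(greylist, source_ips, sender, rcpt, retry_interval=900):
    """Deliver one message, one attempt per source IP in order.

    Returns the 1-based attempt number that was accepted, or None if every
    attempt was deferred.
    """
    for n, ip in enumerate(source_ips):
        if greylist.check(ip, sender, rcpt, now=n * retry_interval) == "accept":
            return n + 1
    return None


# Constructed sample data: one list server retrying from a single address,
# and a shared outbound pool where each retry leaves from a different machine.
SINGLE_HOST = ["192.0.2.10"] * 4
SHARED_POOL = ["192.0.2.10", "198.51.100.7", "203.0.113.25",
               "192.0.2.11", "198.51.100.8", "203.0.113.26"]
SENDER, RCPT = "list-bounces@example.org", "user@example.net"

if __name__ == "__main__":
    for label, prefix in (("per-machine /32", 32), ("network-level /24", 24)):
        for name, ips in (("single host", SINGLE_HOST), ("shared pool", SHARED_POOL)):
            result = attempts_until_accepted(Greylist(prefix), ips, SENDER, RCPT)
            print(f"{label:18} {name:12} accepted on attempt: {result}")
```

With the per-machine key the pooled sender is never accepted; with the /24 key it gets through only once a retry happens to leave from a network that has already been seen.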