[Mailman-Users] spam, spamcop and mailman moderation

[Brad Knowles]

At 11:49 AM -0600 11/10/06, Patrick Bogen wrote:

>>  So the end of greylisting as a useful tool is approaching (I'm surprised it
>>  has survived this long).
>
>  I understand this point. I think that greylisting should persist, in
>  any case, since, if nothing else, it doubles the work a spammer has to
>  do; and on the scale they work, that's a lot.

Nope.  It's trivially easy for them to track which sites have 
resulted in a tempfail, and then to retry those messages an hour 
later.

Keep in mind that they have botnets of millions or tens of millions 
of machines, and they effectively have more CPU cycles and network 
bandwidth than anyone else on the planet.


Trust me, you *WILL* lose.  The question is by how much you will 
lose.  And how hard you will fight to continue to tread water at that 
level.  And when they throw ten times as much resources at you next 
week, are you willing to work ten times as hard to continue to tread 
water?  And when they throw a hundred times as much resources at you 
the week following, what then?

>  Personally, I'd like to see hashcash become widespread, but I guess
>  that'd be hell for a mailing list.

Not scalable for large quantities of legitimate users, and doesn't 
pose any real significant cost burden for spammers, since they have 
unlimited CPU power at their disposal.

-- 
Brad Knowles, <brad at shub-internet.org>

Trend Micro has announced that they will cancel the stop.mail-abuse.org
mail forwarding service as of 15 November 2006.  If you have an old
e-mail account for me at this domain, please make sure you correct that
with the current address.