[Mailman-Users] Mailman postings deferred by Yahoo
brad at shub-internet.org
Thu Feb 21 06:27:11 CET 2008
On 2/20/08, Attila Kinali wrote:
>> This is just selective greylisting, which lots of sites use as a
>> blanket policy.
> It's definitly not greylisting. Our server sends out a few dozen mails
> a day on the low traffic lists to a few hundred on the high traffic ones.
> Any greylisting that is half way sanely implemented should know after
> the second mail that the server is a legitimate sender.
Yahoo! has demonstrated that they don't understand the greylisting
concept anyway, so this is unlikely. They use a shared pool of
outbound messages through all of their outbound mail servers, so
you're pretty much guaranteed that the same message will never be
touched by the same machine twice.
This ensures that their outbound mail will never be received by a
site that implements a strict per-machine greylisting policy. Only a
looser network-level greylisting policy, will have any chance of
working with Yahoo, and even then it won't work very well -- they
just have too many outbound machines on too many different networks.
> I don't know whether i should do domain keys. Sofar it was never
> a problem that we got tagged as spamers, it might be worth it
> if more ISPs start to filter based on these. PGP is definitly
> not an option. We send out way over 100k mails per day over mailinglists
> (at some days it reaches even 200k mails/d). Signing all of them on the
> server would produce too much load.
This is the fundamental problem with creating or verifying all crypto
signatures of all mail passing through a server. You've got a really
nice self-DDoS attack there, created for us by the nice authors of
the DomainKeys and DKIM proposals.
This has been tried before, and failed, for the same reason. Do some
Googling on the term "pgpsendmail".
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the Mailman-Users