[RndTbl] greylisting

Adam Thompson athompso at athompso.net
Mon Dec 4 13:23:46 CST 2006

Trevor Cordes wrote:
> Unless... change hte subnetmatch to /16 (or even /0??) and rely more on
> the to/from tuple.  Why not?  Most spams use random to/froms.  Not
> ideal, but /0 would get around the braindead/pool problem while still
> providing some greylist benefit.
There's one big problem with that... botnets.  Odds are excellent that 
two 'bots are going to be in the same class-B (think Shaw or MTS...), 
which will cause the entire ISP address space to be whitelisted.  Even 
/24 has this problem, but on a smaller scale.  You're betting the odds, 
and have to find an acceptable balance.

More information about the Roundtable mailing list