On 07/03/14 17:21, Noel wrote:
On 3/7/2014 10:21 AM, Alan Chandler wrote:
One question I would be very interested in, and can't find much about, is how long do you greylist these people for?
Basically I only greylist people who fail the SPF checks at the moment (that is, specifically those who explicitly fail the SPF check and those that have an SPF record with a +all at the end).
I greylist a softfail for 4 hours and a hard fail or open for 12, but I plucked these figures out of the air.
Alan
A delay of 5..15 minutes is sufficient, a delay of hours unnecessarily delays legit mail without increasing the effectiveness. The vast majority of bots either don't retry, or retry once immediately.
It seems to me that greylisting based on SPF would not be very effective since it appears many bot herders intentionally use domains without SPF records.
Remember the purpose of greylisting is to reject bots, not delay "real" mail servers -- even if you don't want their mail.
-- Noel Jones
Thanks
These few posts have made me rethink my strategy here.
Alan