I read with interest the article by Dave Crocker in the December 2005 issue of IPJ (Volume 8, No. 4) titled “Challenges in Anti-Spam Efforts.” However, I was surprised not to find any mention of graylisting, an effective anti-spam technique. The technique is not a programmatic or analytical approach to the spam problem but rather relies on exploiting the general behavioral weakness of spam delivery (that spammers typically want to try an address just once for their delivery of spam contents). The technique provides a pragmatic solution to the contemporary bulk commercial e-mail problem to a large extent.
If you are planning for a sequel of this article, I would strongly advocate mentioning the technique for the general benefit of the community.
I administrate a national ISP of considerable size in Pakistan, and the extent to which graylisting has helped us in fighting against spam is amazing.
Successful spam-fighting techniques (especially those that are still far from being widely adopted and worked upon) of today make good candidates for future efforts. My enthusiasm for graylisting is chiefly a result of the benefits our company has derived from its use, but I also want to champion its use because I think it is not widely adopted among peer ISPs because of ignorance. Hence my enthusiastic advocacy of this unsung hero in the fight against spam.
—Tee Emm, Supernet, Pakistan
The Author responds:
I appreciate Tee Emm’s concern that graylisting was not explicitly cited in my article.
I must use the cliché of “limited space” as my primary excuse for omitting graylistng. The tight constraints for a brief article required some difficult choices. As I mentioned at the end of the article, the people reviewing it before publication were particularly helpful (and vigorous). The question of what detail to include was a major focus. My decision was to have only a basic review of existing techniques, because the focus of the article was on future activities.
I believe the work on detection and reaction mechanisms against “bad actors” is reasonably mature. I also believe that the creation of a trust overlay for e-mail, to permit better handling of messages from “good actors,” is very early and in need of much more focus.
With that said, I think I can also generate a plausible claim that graylisting is a form of “traffic shaping,” which is cited in the article.
I primarily meant the traffic shaping reference to be about the technique of tracking aggregate (statistical) flow from a specific address. However, I think that graylisting constitutes a simple—albeit quite useful—mechanism that is designed to slow down the senders, to limit their impact. As Tee Emm notes, graylisting is based on the spammers’ pattern of giving up, after a single failure to send the message. That is the ultimate “shaping,” I think.
Certainly a summary of existing techniques is a worthy topic. It has become quite a rich topic, and matured to a level of qualifying as an area of administration and operations specialization.
As for a follow-up article, I do not have one planned, currently. If I do another one, I hope it will be about open mechanisms for achieving authentication and assessment (vetting) of good actors.
Perhaps next year.
For reference, I should note that there has been some public followup on the article, when CircleID reprinted a posting I made about it: http://www.circleid.com/posts/challenges_in_anti_spam_efforts/
Again, I appreciate Tee Emm’s interest and comment.
—Dave Crocker, Brandenburg InternetWorking