Tom B said:
From time to time my new OUTLOOK tells me that the addressee is
greylisted and I should try again in N seconds - this varies from 10
to 9000. What does this mean?
It means the receiving mail host is delaying delivery of all e-mails
sent to it (unless that e-mail provider allows its users to
individually enable greylisting on just their own account). Infected
user hosts that are running mailer trojans do not retry sending their
crap. They send once and that is it. They have a huge list of e-mail
addresses (most of which are invalid) to get through in a day and don't
have time to wait around trying to resend their crap. Also, waiting
around to resend means the process is more visible so the trojan may
be more easily noticed by the owner of the infected host. The vast
majority of infected user hosts are using a dynamically assigned IP
address so it would probably be smarter to first filter out all
inbound e-mails that originate from a host that has a dynamic IP
address and then employ greylisting. All it usually takes to get rid
of the trojan-sourced spam is to delay mail delivery by a minute.
That means the sending mail server gets a rejection on the first send
and will have to retry a second time to send your e-mail to that
targeted receiving mail host.
http://en.wikipedia.org/wiki/Greylisting
http://www.google.com/search?q=+greylisting +email
Greylisting can only be effected at the receiving mail host, not by
end users. That is, recipients can't do greylisting in their local
e-mail clients because their mail server already has accepted the
e-mail. Greylisting requires the receiving mail host to reject a mail
session while the sending mail host is connected, recording some
statistics on the e-mail that would've been sent, and then allowing
that SAME host to resend the SAME message in a new mail session that
is established a few minutes later. Trojans do not resend their crap.
Legitimate mail servers will attempt retries because receiving mail
hosts may be too busy, have a problem, be under maintenance at the
time, or a route between sending and receiving mail host goes belly up
during the mail session. Resending is part of recovery. Trojans
don't do recovery.
Well, they could but it would be very expensive and make them more
vulnerable to detection.
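
The receiving-host decision described in the reply above, as an added example that is not part of the original thread. It assumes the recorded "statistics" are the commonly used triplet (client IP, envelope sender, envelope recipient) and that the rejection is a 451 temporary failure; the `Greylist` class, the expiry value and all addresses are hypothetical or constructed.

```python
import math
import time

MIN_DELAY = 60            # seconds; the post's "delay mail delivery by a minute"
RETRY_WINDOW = 4 * 3600   # assumed value: a pending entry expires without a retry

class Greylist:
    """Hypothetical greylisting policy keyed on (client IP, sender, recipient)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # triplet -> time of first rejected attempt
        self.passed = set()  # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the (SMTP code, text) to give at RCPT TO time."""
        now = self.clock()
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "OK"
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now          # first sighting: record and defer
            wait = MIN_DELAY
        else:
            wait = MIN_DELAY - (now - first)  # retry: has the delay elapsed?
        if wait > 0:
            return 451, f"4.7.1 Greylisted, try again in {math.ceil(wait)} seconds"
        del self.pending[key]
        self.passed.add(key)                 # same host, same message, later session
        return 250, "OK"

def simulate():
    """Constructed traffic: a retrying mail server versus a send-once trojan."""
    now = [0]
    gl = Greylist(clock=lambda: now[0])
    log = []
    for t, ip, sender in [(0, "192.0.2.10", "alice@example.org"),     # MTA, first try
                          (5, "198.51.100.77", "spam@example.com"),   # trojan, once
                          (30, "192.0.2.10", "alice@example.org"),    # MTA, too early
                          (300, "192.0.2.10", "alice@example.org")]:  # MTA, retry
        now[0] = t
        log.append((t, ip, gl.check(ip, sender, "bob@example.net")[0]))
    return log

if __name__ == "__main__":
    for entry in simulate():
        print(entry)
```

Only the sender that comes back from the same address after the delay is accepted; the single attempt from the other host never gets past the 451.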