Recently we’ve observed that some spam zombie machines are smarter than others, and do SMTP retrying which means that they bypass greylisting. These machines have been reponsible for a large number of “stock scam” spams that include random text and an attached gif. Between Oct 17 to Oct 20 we were trying out a new greylisting policy that involved taking feedback from the spam scoring system, and re-greylisting systems with an increased delay if they had delivered emails that had been detected as spam by the scoring system. Our testing suggested that this quickly and effectively blocked the zombie machines.
Unfortunately it also blocked a small number of poorly configured real email servers that were being used for forwarding because they would also forward all spam emails, and thus be judged as the source of the spam. This caused some emails to be delayed for many hours or in some cases over a day. We’ve now removed this policy totally. While the concept seems a good idea, unfortunately the small number of incorrectly configured hosts out there mean that this just causes too much of problem for them.