Also, RFC 5321 [0] says:
> SMTP clients that [...] do not maintain queues for retrying message transmissions that initially cannot be completed, may otherwise conform to this specification but are not considered fully-capable.
> In many situations and configurations, the less-capable clients discussed above SHOULD be using the message submission protocol (RFC 4409) rather than SMTP.
Which isn't to say it's not worth it, although nowadays I'd recommend that https://www.postfix.org/POSTSCREEN_README.html pre-greet checks are just as good at stopping spam and better at not blocking legit mail.
I guess this only shows how email is used for entirely orthogonal purposes now.
An Amazon verification email will be sent from "account-update@amazon.com". It's intuitive to predict "@amazon.com" so whitelisting works.
However, State Farm Insurance login verification codes are actually sent from "noreply@sfauthentication.com" instead of "@statefarm.com".
Greylisting has been so effective for my personal email, I don't mind waiting a bit on the rare occasion (by now, most senders are already recognized). And on the rare occasion I get spam, it's been cathartic, adding a rule to reject the sender with a quippy SMTP error. It's also been easy enough just to forward it to abuse@google.com, because it's almost always from Gmail.
On rare occasions I get frustrated by this, and I'm forced to login via ssh and manually permit a greylisted address through - though normally I am not so time sensitive. My greylisting is only 5 minutes.
I picked up from context the general idea behind "greylisting", although I'm sure there's a lot of details that aren't covered. (How do you choose what domain gets greylisted? How often, how long?). But what "greytrapping" is, I can't guess, even after reading the entirety of two of his articles.
From the linked articles, I understand "greytrapping" to be adding clients that attempt delivery to an invalid address and don't retry when greylisted to a deny list.
The key insight behind the idea is that common junk mailing software doesn't support standard SMTP very well. Greylisting tells the client to try again in a few minutes, and most legit mailers will do just that. Not all, though.
Recent versions of postfix added protocol checks that don't require a retry from the client: https://www.postfix.org/POSTSCREEN_README.html
A key observation here is that there's more than one way to ask a client to wait: the opening stanza in an SMTP transaction involves the server sending a message, and the client isn't supposed to respond until it receives that message. And it turns out that pre-greet checks (at least in my experience) have better anti-spam specificity. So I turned greylisting off $mumble years ago.
Pre-greet checks are still a hack: there's nothing stopping a competent spammer from implementing the protocol properly, except that "competent spammer" is an oxymoron.
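An added example, not from any commenter or from Postfix: the greylisting decision discussed in this thread, with the 5-minute delay one commenter mentions and greytrapping as described above, written as a Python policy function. The `GreyPolicy` class, keying on (client IP, sender, recipient), remembering clients that retried, and all addresses and IPs are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class GreyPolicy:
    delay: int = 300                      # seconds a new triplet must wait (5 min)
    traps: frozenset = frozenset()        # trap addresses that never get real mail
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time
    passed: set = field(default_factory=set)        # client IPs that retried properly
    denied: set = field(default_factory=set)        # client IPs caught by a trap

    def check(self, client_ip, sender, rcpt, now):
        """Return (smtp_code, text) for one RCPT TO seen at time `now` (seconds)."""
        sender, rcpt = sender.lower(), rcpt.lower()
        if client_ip in self.denied:
            return 550, "5.7.1 client is on the local deny list"
        if rcpt in self.traps:
            # Greytrapping: a client that has not yet passed greylisting and
            # mails a trap address is denied from now on.
            if client_ip not in self.passed:
                self.denied.add(client_ip)
            return 550, "5.1.1 no such user"
        if client_ip in self.passed:
            return 250, "2.1.5 ok"
        triplet = (client_ip, sender, rcpt)
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            self.passed.add(client_ip)    # retried after the delay: remember it
            return 250, "2.1.5 ok"
        return 451, "4.7.1 greylisted, try again later"

def demo():
    # Constructed sample traffic: (time, client IP, sender, recipient).
    policy = GreyPolicy(traps=frozenset({"old-alias@example.org"}))
    attempts = [
        (0,   "192.0.2.10",   "billing@example.com", "me@example.org"),
        (60,  "192.0.2.10",   "billing@example.com", "me@example.org"),
        (310, "192.0.2.10",   "billing@example.com", "me@example.org"),
        (320, "192.0.2.10",   "news@example.com",    "me@example.org"),
        (330, "198.51.100.7", "win@example.net",     "old-alias@example.org"),
        (900, "198.51.100.7", "win@example.net",     "me@example.org"),
    ]
    return [policy.check(ip, s, r, t)[0] for t, ip, s, r in attempts]

if __name__ == "__main__":
    print(demo())
```

The first client is deferred twice, accepted once it retries after the delay, and then recognized for a new sender; the second client hits the trap address and stays rejected afterwards.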
captn3m0•12h ago