Most already know that I'm not a big fan of greylisting, mainly because I believe that simply delaying mails is not acceptable in larger environments and is very easy to bypass. If everyone were using greylisting, we'd have to throw more hardware at outgoing mail as well. Good for business though ;)
For a while now I have been using selective greylisting on my personal server, only greylisting senders without a valid reverse DNS or those that are listed in blacklists. This has worked pretty well; however, recently the guys from openminds reported that spammers are getting smarter, retrying messages when they were refused by greylisting. For a long time I suspected that spammers would adapt real soon, but it took them far longer than I thought.
Does anyone have more accurate numbers about this? I don't have large systems running greylisting to pull such statistics from, but I do think it's strange that only a couple of people reported this. Was this only a local glitch or are spammers really starting to adapt?
On a side note, have a look at the interesting reverse DNS behavior of networks like 65.111.26.0/24, 64.191.43.0/24, 216.74.115.0/24, and many more. They have PTR records with a very short TTL (120 seconds) and are regularly switching from one domain to another.
For example in the past few days the address 65.111.26.16 has resolved to:
- crowflies16.forexpose.com
- crowflies16.hiccupeast.com
- crowflies16.againwhite.com
- crowflies16.shortgypsy.com
And probably many more because I only checked a few times. An attempt at circumventing reputation filters based on domain name?
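One way a receiving mail server could flag this pattern from its own logged PTR lookups, as an added example that is not code from the original post. The observation tuple format, the thresholds, the timestamps and the 192.0.2.10 control host are assumptions; only the four crowflies16 names and the 120-second TTL come from the text above.

```python
from collections import defaultdict

# Constructed sample observations: (unix_time, ip, ptr_name, ttl_seconds).
# The 65.111.26.16 names and the 120 s TTL are from the post; the timestamps
# and the 192.0.2.10 control host are made up for this example.
OBSERVATIONS = [
    (1000, "65.111.26.16", "crowflies16.forexpose.com.", 120),
    (90000, "65.111.26.16", "crowflies16.hiccupeast.com.", 120),
    (180000, "65.111.26.16", "crowflies16.againwhite.com.", 120),
    (270000, "65.111.26.16", "crowflies16.shortgypsy.com.", 120),
    (1000, "192.0.2.10", "mail.example.org.", 86400),
    (180000, "192.0.2.10", "mail.example.org.", 86400),
]

def base_domain(ptr_name):
    """Naive registered domain: the last two labels (assumption; a real
    deployment should consult the Public Suffix List instead)."""
    labels = ptr_name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def host_label(ptr_name):
    """Leftmost label of the PTR name, e.g. 'crowflies16'."""
    return ptr_name.rstrip(".").lower().split(".")[0]

def find_rotating_ptrs(observations, max_ttl=300, min_domains=3):
    """Return {ip: details} for addresses whose PTR moved across at least
    min_domains base domains while every observed TTL was <= max_ttl."""
    per_ip = defaultdict(list)
    for ts, ip, name, ttl in observations:
        per_ip[ip].append((ts, name, ttl))
    flagged = {}
    for ip, rows in per_ip.items():
        rows.sort()  # chronological order, so domains are listed as seen
        domains = []
        for _, name, _ in rows:
            if base_domain(name) not in domains:
                domains.append(base_domain(name))
        short_ttl = all(ttl <= max_ttl for _, _, ttl in rows)
        if short_ttl and len(domains) >= min_domains:
            flagged[ip] = {
                "domains": domains,
                "stable_host_label": len({host_label(n) for _, n, _ in rows}) == 1,
                "max_ttl_seen": max(ttl for _, _, ttl in rows),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in find_rotating_ptrs(OBSERVATIONS).items():
        print(ip, info)
```

Keying reputation on the IP address or netblock, rather than on the PTR domain, is unaffected by this kind of rotation; the flag above can feed that score.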




