Greylist scanning (cont)

Check validity of sender address.  (sender address shouldn't be completely bogus)

Check MX and A record of from address - trap hosts sending from bogus ones. This is much more effective than one message at a time in the mta.

Check number of sending domains, number of tuples.. Why would a mailserver youhave never talked to before be sending from multiple domain addresses?

Don't allow greylisted hosts to talk to invalid local users. (viciously effective if you have site churn)

Prototype greylist scanner at http://www.ualberta.ca/~beck/greyscanner