The fight against spam is an ever evolving one, and I’m sure grey-listing will be rendered useless at some point, as the spammers keep circumventing current mechanisms. I’m not sure what the next step is after grey-listing is. I hope it’s not CREV, which also has its loopholes.

SPF is another option, but requires adoption in all domain records to be truly effective. There is a firm plan for my hosting company to support SPF in all domains it hosts, but if your timeline is accurate, this might be happening sooner than expected

Matti Aarnio is currently doing the same Post-greying technique within the Linux kernel mailing list and although it works to a degree, it still has its problems.

I’ll explain one I can think of. Sam sends Bob an email. When he does this he uses an open relay (one of the most common spamming ways). Sam has now just broken the whole Post-greying because the open-relay will respond to the wait packet and resend when required (This is normally what happens anyway when a spammer hits an open relay because the quantity of emails exceeds the systems max throughput.

It will however work on a standard drone system (normally desktops that have been compromised and rigged to send mass emails), but only for a little while. Most spam bots now use a trigger method to reiterate through the list after all the email addresses have been posted.

It will (Matti says about another 50-100 days, I say about a month) soon be completely redundant.