Problem
What is Greylisting?
How does Greylisting work?
Who uses Greylisting?
How to avoid Greylisting?
Solution:
Greylisting is a method of blocking significant amounts of spam at the mail server level, without resorting to heavyweight statistical analysis or other heuristic approaches.
Greylisting relies on the fact that most spam sources do not behave in the same way as legitimate mail systems, so it tests whether the sending mail server is RFC compliant. It does this by telling the sending mail server that its message has been temporarily blocked and to try again; at the same time, greylisting caches the details of the message.
A compliant sending mail server will then wait the desired time and try again. Once that retry succeeds, greylisting remembers the result, so future emails from that sender won't suffer the delay that the very first message did.
Of course, since the majority of spam servers and spambots are not legitimate senders, they tend not to retry. The result is that a large volume of unwanted email can potentially be filtered during SMTP transmission.
Although greylisting is currently very effective by itself, it performs best when used in conjunction with other forms of spam prevention such as proFilter.
How does Greylisting work?
- An email from an unknown sender arrives.
- It is initially blocked by greylisting, and the sending server is asked to try again using the SMTP error 451. At the same time the greylisting server caches the following information:
  - The connecting IP address of the server
  - The sender's email address
  - The recipient's email address
  This information is often referred to as a triplet, because it consists of three bits of information.
- The sending server treats the temporary error as a "Delivery Delayed" notification and will resend the message after a period of time set by the mail server. The default for Microsoft Exchange is 15 minutes, but other mail servers can be as low as 5 minutes.
- When the message is resent, if its details match the triplet cached by greylisting, the message is passed to the remaining filters for delivery.
- Items in a greylisting cache often have a 24-hour lifetime, so non-frequent senders may experience the delay more than once. This is why greylisting works better in conjunction with a spam filter: regular email senders can be added to the spam filter's "pass list" and therefore bypass greylisting.
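The decision flow in the list above, as an added Python example (not code from this article or from proFilter or backupMX). The 60-second minimum retry delay, the renewal of an entry on each accepted delivery, the reply text, and all names and addresses are assumptions or constructed sample values.

```python
import time

TEMPFAIL = "451 4.7.1 Greylisted, try again later"  # reply text is constructed
ACCEPT = "250 OK"

class Greylist:
    """Greylisting decision keyed on the triplet (client IP, sender, recipient)."""
    def __init__(self, min_delay=60, lifetime=24 * 3600, pass_list=(), clock=time.time):
        self.min_delay = min_delay   # assumption: retries sooner than this stay deferred
        self.lifetime = lifetime     # 24-hour cache lifetime mentioned in the article
        self.pass_list = {entry.lower() for entry in pass_list}
        self.clock = clock           # replaceable so the example can simulate time
        self.cache = {}              # triplet -> [first_seen, last_seen]

    def check(self, client_ip, sender, recipient):
        now = self.clock()
        sender, recipient = sender.lower(), recipient.lower()
        # Pass-listed addresses or domains bypass greylisting entirely.
        if sender in self.pass_list or sender.rpartition("@")[2] in self.pass_list:
            return ACCEPT
        triplet = (client_ip, sender, recipient)
        entry = self.cache.get(triplet)
        if entry is None or now - entry[1] > self.lifetime:
            # Unknown or expired triplet: remember it and ask the sender to retry.
            self.cache[triplet] = [now, now]
            return TEMPFAIL
        if now - entry[0] < self.min_delay:
            return TEMPFAIL          # retried too quickly; keep deferring
        entry[1] = now               # assumption: each accepted delivery renews the entry
        return ACCEPT

def demo():
    gl = Greylist(pass_list=["partner.example"])
    attempts = [  # constructed: (seconds since start, client IP, sender, recipient)
        (0, "192.0.2.10", "alice@sender.example", "bob@rcpt.example"),       # first contact
        (10, "192.0.2.10", "alice@sender.example", "bob@rcpt.example"),      # too-early retry
        (900, "192.0.2.10", "alice@sender.example", "bob@rcpt.example"),     # 15-minute retry
        (1000, "198.51.100.7", "alice@sender.example", "bob@rcpt.example"),  # same mail, new IP
        (1100, "203.0.113.5", "news@partner.example", "bob@rcpt.example"),   # pass-listed domain
        (900 + 25 * 3600, "192.0.2.10", "alice@sender.example", "bob@rcpt.example"),  # expired
    ]
    results = []
    for when, ip, sender, rcpt in attempts:
        gl.clock = lambda w=when: w  # simulated clock for this attempt
        results.append(gl.check(ip, sender, rcpt)[:3])
    return results

if __name__ == "__main__":
    print(demo())
```

The fourth attempt shows why a sender that retries from a different outbound IP address is delayed again: the triplet no longer matches the cached one.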
Who uses Greylisting?
Greylisting is an effective tool against spammers, so greylisting technology can be used in email filtering solutions and also as a border-guard defence for email servers. Services like proFilter and backupMX use greylisting because 1) it's a great first-line defence against spam email and 2) it keeps the CPU load down on the actual spam filter (proFilter). Yes, greylisting will get rid of a large portion of spam email that doesn't play by the SMTP rules, but you still need an anti-spam solution like proFilter to analyse the emails that do obey the SMTP rules.
This is why a combination of greylisting, spam filtering and the use of pass and block lists go hand-in-hand to complement each other.
How to avoid Greylisting?
There are two simple answers to this question. Don't be a spammer, and if you are a legitimate email sender, ask the recipient to add your email address and/or domain name to their spam filter's "pass list".
What Prolateral services use Greylisting?
Greylisting technology is used in our hosted spam filtering solution, proFilter, and also in our backup MX (also known as backup SMTP) service, backupMX.