Greylisting

From SuperbHosting.net Support Wiki


What is greylisting?

Greylisting is a mechanism that causes senders' MTAs to delay their messages in a manner that complies with accepted e-mail standards. Spammers and mailbots are generally unable to adhere to these standards, and therefore their messages are not accepted.


How does greylisting work?

With greylisting, our mail cluster servers maintain a record of three pieces of information when an e-mail is received:

  1. The IP address of the machine sending the e-mail.
  2. The e-mail address of the person sending the e-mail.
  3. The e-mail address to which the e-mail is being delivered.


This set of information is captured and recorded on our database servers, and communication with the sender's server is terminated with an error code before the content of the e-mail message is received. Our servers reply to the sending server to say essentially "Sorry, we're too busy right now. Please try again to send this e-mail later." The error message (called a "400-level error") is specifically "temporary" and properly configured mail servers will queue the message and retry after some period of time.

After 5 minutes, our servers prepare to receive the e-mail again. When the delivery is attempted again, the servers match the information that was collected previously and the e-mail is delivered without delay. From that point on, any time a message with the matching information is delivered to our servers, it is delivered immediately. Entries are removed from the greylist if the waiting period expires without the sender re-sending the e-mail, because in this case the sender is most likely a spammer.
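
The triplet bookkeeping described above, sketched in Python as an added example (not SuperbHosting's own code). The Greylist class, the use of reply code 451 for the "400-level" temporary error, the 4-hour expiry window and the sample traffic are assumptions made for illustration; only the 5-minute delay comes from the text.

```python
import time

MIN_DELAY = 5 * 60         # from the page: retries are accepted after 5 minutes
RETRY_WINDOW = 4 * 3600    # assumption: the page gives no expiry value

class Greylist:
    def __init__(self, min_delay=MIN_DELAY, retry_window=RETRY_WINDOW):
        self.min_delay = min_delay
        self.retry_window = retry_window
        self.pending = {}    # triplet -> time of first delivery attempt
        self.passed = set()  # triplets that retried correctly

    def check(self, ip, mail_from, rcpt_to, now=None):
        """Return the SMTP reply code to send before the message body is read."""
        now = time.time() if now is None else now
        key = (ip, mail_from, rcpt_to)
        if key in self.passed:
            return 250                       # known triplet: accept immediately
        first_seen = self.pending.get(key)
        if first_seen is not None and now - first_seen > self.retry_window:
            del self.pending[key]            # never retried in time: start over
            first_seen = None
        if first_seen is None:
            self.pending[key] = now
            return 451                       # first attempt: temporary failure
        if now - first_seen < self.min_delay:
            return 451                       # retried before the delay elapsed
        del self.pending[key]
        self.passed.add(key)
        return 250                           # proper retry: accept and remember

# Constructed sample traffic: (seconds, client IP, envelope sender, recipient)
SAMPLE = [
    (0,     "192.0.2.10",   "alice@example.org", "bob@example.net"),
    (60,    "192.0.2.10",   "alice@example.org", "bob@example.net"),
    (100,   "198.51.100.7", "promo@example.com", "bob@example.net"),
    (400,   "192.0.2.10",   "alice@example.org", "bob@example.net"),
    (500,   "192.0.2.10",   "alice@example.org", "bob@example.net"),
    (600,   "192.0.2.99",   "alice@example.org", "bob@example.net"),
    (18100, "198.51.100.7", "promo@example.com", "bob@example.net"),
]

def replay(events):
    gl = Greylist()
    return [gl.check(ip, frm, to, now=t) for t, ip, frm, to in events]

if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", code)
```

In the sample, the same sender arriving from a different IP address (192.0.2.99) is a new triplet and is deferred again, and the sender that only comes back after the expiry window starts over from the beginning.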


Why does greylisting work?

According to the internet specification, when a mail server receives a "400-level" error, it must queue the e-mail message and try later to deliver it. For legitimate e-mail, this process is standard and mandatory. Properly configured mail servers will re-deliver their messages appropriately, and greylisting should not represent a delivery challenge to them. Because spammers send hundreds of thousands of e-mails per day to addresses they do not know to be working, they generate a large number of bounced messages.

Acknowledging server responses for these messages, storing the messages on a server for some period of time, and re-delivering them is a resource-intensive process for spammers that might very well not return sales of their products or services. Also, they tend to use a "send and run" approach to escape detection so as not to be blacklisted by various anti-spam organizations. They do not want to stay around to retry. As a result, they intentionally misconfigure their mail servers. By requiring that every incoming e-mail message to our servers comes from a properly configured mail server, we filter out most spam.


Do I have to do anything?

No. This all happens automatically on our mail clusters. You do not need to do anything.


Do the people who send me mail have to do anything?

No. Neither the people you correspond with nor the mail service they use needs to do anything special or different. Greylisting takes advantage of characteristics of the standard SMTP protocol that most legitimate sites already follow, as well as the fact that most spammers do not follow the procedure properly. Your correspondents do not need to resend e-mail.


Do all my e-mails get delayed?

No. The delay occurs only the first time the grey lister sees a new sender-recipient pair. Once that message is accepted, the grey lister moves the sender-recipient pair from the grey list to the white list, and subsequent messages involving that pair are immediately allowed through, so you can carry on an email conversation without delays.


Does greylisting work well?

Other sites report dramatic success with this technique, thanks to the fact that the vast majority of spammers do not follow proper SMTP protocol. They don't want to spend resources listening for rejection notices and queueing up their huge volume of spam for repeated attempts. One published study reports a drop by a factor of 10 in the amount of spam that makes it through to users.


What about false positives?

In exceedingly rare cases, there may be legitimate sites whose mail system does not follow the expected protocol. One case study found zero false positives in over 26,000 mail messages. If you notice that mail from a legitimate sender never seems to get past the grey lister, contact us and we will discuss whether a white list entry is appropriate.


Where can I find out more about how this works?

You can find out more information about how greylisting works by visiting http://www.greylisting.org/.
