Learn to Combat Spam with Greylisting
Your questions about Greylisting answered.
Hundreds of tech organisations and educational institutions use greylisting.
You’re in good company.
What is Greylisting?
It wouldn’t be an exaggeration to say that spam is the bane of everyone’s existence on the internet. Thankfully, some methods can get around the never-ending deluge of spam emails, and greylisting is one such method.
Greylisting is a method of defending email users from spam emails by figuring out whether the email is coming from a legitimate or suspicious sender. It’s carried out by a Mail Transfer Agent (MTA) or simply an email server.
A mail transfer agent (MTA) that employs greylisting will temporarily reject any suspicious email from a sender it doesn’t recognize. It will request that the originating email server tries to resend the email after a certain amount of time has elapsed.
This method is usually enough to stop actual spam. That’s because most mass spammers go through a massive number of email addresses but can’t afford the sophisticated features or the time delay to retry sending the email multiple times.
In contrast, a legitimate Simple Mail Transfer Protocol (SMTP) server will attempt sending a delayed email multiple times until the email is accepted.
How Does Email Greylisting Work?
To understand how greylisting works, you should first acquaint yourself with how an email is sent. Emails delivered using the SMTP protocol are sent in units called envelopes. Each envelope contains the sender’s address, then the recipient’s address, then the actual body of the message.
A server using greylisting will cache three pieces of data called a “triplet” for every incoming email:
- The sending server’s IP address
- The envelope sender address
- The envelope recipient address(es)
When an email arrives from an unknown sender whose triplet has not been recorded before, the server initially blocks it and sends a temporary SMTP 4xx error code informing the sending server that the email has been “temporarily rejected.”
Since this is only a temporary delay, a legitimate SMTP server will try resending the email after a set period of time, unlike a non-RFC-compliant spamming server that won’t attempt to send the email again. The default delay for most servers is 15 minutes, although it can go up to a couple of hours.
If the sending server successfully sends the email again within the specified time limit, it will be identified as a non-spam source and be whitelisted for future emails. The sender’s IP address is also saved in the greylisting cache to ensure that the MTA will not interrupt any future emails from the same server.
The only caveat is that it’s only saved for up to 24 hours. This means that unless the sender sends you emails frequently, they may have to go through the greylisting process again.
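The decision logic described above, as an added example that is not code from any particular mail server. The class and function names, the reply text, the 4-hour retry window and the refresh-on-use behaviour are assumptions; the 15-minute delay and 24-hour retention come from the text, and the addresses are constructed sample data.

```python
from dataclasses import dataclass, field

MIN_DELAY = 15 * 60          # page: default delay for most servers is 15 minutes
RETRY_WINDOW = 4 * 60 * 60   # assumption: a first attempt stays pending this long
PASS_TTL = 24 * 60 * 60      # page: a passed sender is kept for up to 24 hours
TEMPFAIL = "451 4.7.1 Greylisted, try again later"   # constructed reply text
ACCEPT = "250 2.1.5 OK"

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    passed: dict = field(default_factory=dict)   # sending IP -> time last accepted

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to RCPT TO at time `now` (seconds)."""
        last_ok = self.passed.get(ip)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[ip] = now            # assumption: each use refreshes the entry
            return ACCEPT
        self.passed.pop(ip, None)            # expired or never passed
        triplet = (ip, mail_from, rcpt_to)
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            self.pending[triplet] = now      # unknown (or stale) triplet: start the clock
            return TEMPFAIL
        if now - first_seen < MIN_DELAY:
            return TEMPFAIL                  # retried too soon, clock keeps running
        del self.pending[triplet]            # retried after the delay: sender passes
        self.passed[ip] = now
        return ACCEPT

def replay():
    """Run constructed delivery attempts; return the 3-digit reply codes."""
    gl = Greylist()
    attempts = [  # (seconds, sending IP, envelope sender, envelope recipient)
        (0, "192.0.2.10", "alice@example.org", "bob@example.net"),       # first contact
        (0, "198.51.100.7", "promo@example.com", "bob@example.net"),     # never retries
        (300, "192.0.2.10", "alice@example.org", "bob@example.net"),     # too early
        (1200, "192.0.2.10", "alice@example.org", "bob@example.net"),    # proper retry
        (1300, "192.0.2.10", "carol@example.org", "dave@example.net"),   # same server
        (1300 + 25 * 3600, "192.0.2.10", "alice@example.org", "bob@example.net"),
    ]
    return [gl.check(ip, s, r, t)[:3] for t, ip, s, r in attempts]

if __name__ == "__main__":
    print(replay())
```

The last attempt is deferred again because the saved entry for that server is more than 24 hours old, which is the caveat noted above.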
Greylisting vs. Blacklisting: How Do They Differ?
The difference between the two is quite simple and can be guessed from their names.
An email from a sender on your blacklist will never be allowed to go through, regardless of the number of attempts.
Conversely, greylisting only blocks the email from going through temporarily. As long as the sending server attempts to resend the email, you shouldn’t worry about the email falling through the cracks.
Advantages and Disadvantages of Greylisting
Greylisting has many advantages. Most importantly, it’s pretty straightforward to implement and requires no additional configuration from the users’ end. In fact, the user will only notice a delay upon receiving the first email from a sender, but this delay will help protect them from malicious senders and unidentified malware.
This method is also very cheap to implement as it uses fewer CPU and memory resources, unlike other power-intensive filtering methods.
However, despite its various advantages, it’s not without shortcomings. To illustrate, if your server uses greylisting, there’s no guarantee that your emails will arrive in your inbox in a reasonable amount of time.
This delay can be frustrating in most cases, and it can defeat the purpose of time-sensitive emails such as password resets and account activation links. Some legitimate emails may even be wrongfully flagged as spam in rare cases, causing them to be lost.
Greylisting is currently one of the best ways to fight email spam
Now that you know what greylisting is and how it works, you can see that despite seeming pretty simple in theory, it nonetheless remains one of the most effective methods of defending against spam emails.
While it may have the occasional glitch by blocking a legitimate email, greylisting is still one of the easiest and most cost-effective methods of combating spam emails. It doesn’t take up too much power and offers the end-user a much-desired hands-off approach.