What is greylisting?

Greylisting is a spam prevention method: an email filtering technique designed to reduce spam by temporarily rejecting emails from unknown or unauthenticated senders during the initial delivery attempt. When a mail system "greylists" a message, it does not accept the initial delivery attempt, but instead instructs the sending mail server to try delivery again later (which most servers will do every few minutes). The assumption is that spam servers will not attempt to send the message again, but legitimate servers will.

A large percentage of spam is sent from compromised home and business computers. Spammers typically send messages from large numbers of these machines, but each machine sends only small batches of mail in order to avoid detection. These machines almost never retry sending the mail when they receive the "try again" response that a greylisting server sends.

Greylisting is a very effective anti-spam tool (our tests show a decrease in spam of 80% to 90% when greylisting is implemented), but it can cause delivery delays. Those delays will vary, depending on the sending server, but are typically no more than a few minutes. Only the mail servers exchange the "try again" message. It is not passed along to the sender or recipient.

Here's a detailed explanation of how greylisting works:

  • When an email server receives an incoming message from a sender it hasn't encountered before, it responds with a temporary rejection message, often a 4xx SMTP error code. This temporary rejection informs the sending server that the delivery is delayed and prompts it to retry later.
  • Legitimate email servers, following the rules of the Simple Mail Transfer Protocol (SMTP), are designed to handle temporary failures during the email delivery process. Upon receiving a temporary rejection, a legitimate email server will make another attempt to resend the email after a specific period.
  • If the email is legitimate, the sending server will retry the delivery after the temporary deferral. At this point, the recipient's email server, having noted the previous rejection, will accept the email and deliver it to the recipient's inbox.
  • To streamline the process for known and trusted senders, greylisting often includes whitelisting mechanisms. Once a sender has successfully delivered an email after the initial rejection, their information (sender, recipient, and IP address) may be temporarily or permanently whitelisted. This means that future emails from this sender will be accepted immediately without undergoing the greylisting process.
  • The effectiveness of greylisting lies in its exploitation of the behavior of many spam systems, which often do not make a genuine effort to resend emails after encountering a temporary rejection. Legitimate email servers, however, are configured to retry deliveries, resulting in the successful transmission of genuine emails.
  • While greylisting can be effective in reducing spam, it may introduce a slight delay in the delivery of emails from unknown senders. However, this delay is usually short and is considered an acceptable trade-off for the benefits of spam reduction.
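
The decision logic described in the list above, as an added example (not code from this page or from any particular mail server). The timing constants, the `451 4.7.1` reply text, and the names `Greylist`, `check` and `replay` are assumptions chosen for illustration; the sample traffic is constructed.

```python
from dataclasses import dataclass, field

# Assumed tuning values; the page does not specify any.
MIN_DELAY = 300               # seconds a sender must wait before a retry counts
PENDING_TTL = 4 * 3600        # forget first attempts that are never retried
WHITELIST_TTL = 30 * 86400    # how long a proven triplet skips greylisting

DEFER = "451 4.7.1 Greylisted, try again later"   # illustrative 4xx reply
ACCEPT = "250 2.0.0 OK"

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)     # triplet -> first-seen time
    whitelist: dict = field(default_factory=dict)   # triplet -> expiry time

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        key = (ip, sender.lower(), rcpt.lower())
        if self.whitelist.get(key, 0) > now:
            self.whitelist[key] = now + WHITELIST_TTL   # refresh on use
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > PENDING_TTL:
            self.pending[key] = now                     # unknown triplet: defer
            return DEFER
        if now - first < MIN_DELAY:
            return DEFER                                # retried too quickly
        del self.pending[key]                           # valid retry: whitelist
        self.whitelist[key] = now + WHITELIST_TTL
        return ACCEPT

# Constructed sample traffic: (time, client IP, envelope sender, recipient)
ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # real MTA
    (10,   "198.51.100.7", "promo@example.com", "bob@example.net"),  # bot, no retry
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # too early
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # valid retry
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # whitelisted
]

def replay(attempts):
    """Feed attempts through a fresh Greylist; return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, s, r, t)[:3] for t, ip, s, r in attempts]

if __name__ == "__main__":
    for attempt, code in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(attempt[0], attempt[1], code)
```

The pending-entry expiry matters in practice: without it, a host that was deferred once could return days later and be accepted on what is effectively a first attempt.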