What is greylisting?

Ever wonder why an email sometimes doesn’t arrive instantly?
Many of us have experienced this problem: you can’t remember your password for an online service you don’t use that often and have to click “forgot password” to get a reset link. But even though a message pops up claiming that an email was sent to you, no reset link arrives. You click again. And again. Nothing! Then half an hour later, three messages arrive in your inbox all at once. What just happened? One possible cause is a spam-prevention process called “greylisting,” which we’ll explain today.
Delays in the delivery of email can sometimes be caused by “greylisting,” a process that is used behind the scenes in mail servers to combat a certain type of spam known as unsolicited bulk email. The name comes from the fact that greylisting is somewhere in between whitelisting, where an email is marked as safe and is delivered, and blacklisting, where an email is blocked completely. Greylisting, on the other hand, is more of a “wait and see” approach.

How does greylisting work?

First, a simplified explanation of what happens when you send an email: your email application or interface establishes an SMTP (Simple Mail Transfer Protocol) connection with the sender’s Mail Transfer Agent (MTA). This MTA then transmits your email message to your recipient’s MTA. If that MTA accepts your email, it is delivered to your recipient’s inbox.

The receiving MTA keeps a record of the IP address, sender address and recipient address of your email, which together are known as its “envelope data” or “triplet.” If the system uses greylisting as one of its spam protection measures, the MTA will refuse the email when it encounters your email’s envelope data for the first time. Rather than accepting the message, it returns a temporary error code and asks your MTA to retry sending the email after a specific period of time. It also keeps that envelope data on its greylist.

Now the purpose of greylisting becomes clear: A legitimate MTA will comply with this resend request. When your email is sent for the second time, it will be accepted for delivery because its data is already on the receiving MTA’s greylist. In addition, the envelope data will now be whitelisted, so your future emails to that recipient will not have to go through this process again.

On the other hand, imagine you are a spammer trying to send out mass spam emails from a hijacked computer. You could send your spam emails multiple times to try to get whitelisted, but the logistical effort wouldn’t be worth your trouble. So the spam email is never delivered, and the intended recipient never even knows it existed.
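
The greylisting decision described above, as an added Python example (not code from this article or from any particular mail server). The 300-second minimum delay, the four-hour retry window, the reply codes 451 and 250, the lower-casing of addresses and all sample addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

TEMPFAIL = 451  # SMTP temporary error: "try again later" (assumed code)
ACCEPT = 250    # SMTP success reply


@dataclass
class Greylist:
    min_delay: int = 300          # assumed: seconds to wait before a retry counts
    retry_window: int = 4 * 3600  # assumed: pending triplets older than this are stale
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    whitelist: set = field(default_factory=set)  # triplets that retried properly

    @staticmethod
    def triplet(ip, sender, recipient):
        # Envelope data: client IP, sender address, recipient address.
        # Lower-casing is an assumed normalization so retries compare equal.
        return (ip, sender.strip().lower(), recipient.strip().lower())

    def check(self, ip, sender, recipient, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        key = self.triplet(ip, sender, recipient)
        if key in self.whitelist:
            return ACCEPT                      # known good: no delay at all
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[key] = now            # first contact (or stale entry)
            return TEMPFAIL
        if now - first_seen < self.min_delay:
            return TEMPFAIL                    # retried too soon, keep waiting
        del self.pending[key]                  # proper retry: promote triplet
        self.whitelist.add(key)
        return ACCEPT


def replay(events, greylist=None):
    """Feed (time, ip, sender, recipient) events through a greylist."""
    gl = Greylist() if greylist is None else greylist
    return [gl.check(ip, s, r, t) for (t, ip, s, r) in events]


# Constructed sample traffic: (seconds, client IP, sender, recipient)
LEGIT = ("192.0.2.10", "reset@shop.example", "alice@mail.example")
EVENTS = [
    (0, *LEGIT),                                                  # first attempt
    (5, "203.0.113.7", "win@spam.example", "alice@mail.example"), # never retries
    (60, *LEGIT),                                                 # retry too early
    (600, *LEGIT),                                                # proper retry
    (900, *LEGIT),                                                # whitelisted now
]

if __name__ == "__main__":
    print(replay(EVENTS))
```

The sender that never retries stays on the greylist and its message is never accepted, while the legitimate MTA is delayed once and then delivered immediately on later attempts.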

Advantages and disadvantages of greylisting

Greylisting is an extremely simple and effective method of stopping mass spam attacks. The process requires no action from the user and legitimate emails are almost never lost. On the flip side, the time delays can sometimes make people wonder if their mail server is working properly or even think their emails aren’t arriving, when in fact they have only been delayed. And as we saw from our initial example, greylisting can occasionally be inconvenient when dealing with time-sensitive emails. However, most properly configured sender MTAs will resend the message promptly, so delays should be less than 10 minutes.

We hope you found this glimpse behind the scenes of the spam-filtering process interesting. Please give us some feedback below!
 