What is greylisting and how does it work?

Many of us have experienced this problem: you can’t remember your password for an online service you don’t use that often and have to click “forgot password” to get a reset link. But even though a message pops up claiming that an email was sent to you, no reset link arrives. You click again. Nothing! What just happened?
Then half an hour later, two messages arrive in your inbox at once. Why? One possible cause is a spam-prevention process called “greylisting,” which we’ll explain today.
Open laptop computer with hourglass placed on keyboard
Ever wonder why an email sometimes doesn’t arrive instantly?

What is greylisting?

Delays in the delivery of an email can be caused by “greylisting” in certain cases. Greylisting is a process that is used behind the scenes in mail servers to combat a certain type of spam known as unsolicited bulk email. The name comes from the fact that greylisting is somewhere in between "whitelisting" (also called "allowlisting"), where an email is marked as safe and is delivered, and "blacklisting" (also called "blocklisting"), where an email is blocked completely. Greylisting, on the other hand, is more of a “wait and see” approach.

How does greylisting work?

First, a simplified explanation of what happens when you send an email: your email application or interface establishes an SMTP (Simple Mail Transfer Protocol) connection with the sender‘s Mail Transfer Agent (MTA). This MTA then transmits your email message to your recipient’s MTA. If that MTA accepts your email, it is delivered to your recipient’s inbox.

The MTA keeps a record of the IP address, sender address and recipient address of your email, which is known as its “envelope” or “triplet.” If the system uses greylisting as one of its spam protection measures, the MTA will reject the email when it encounters your email’s envelope data for the first time. Instead, it will return a temporary error code and ask your MTA to retry sending the email after a waiting period. And it keeps that envelope data on its greylist.

Now the purpose of greylisting becomes clear: A legitimate MTA will comply with this resend request. When your email is sent for the second time, it will be accepted for delivery because its data is already on the receiving MTA’s greylist. In addition, the envelope data will now be moved to the allowlist, so your future emails to that sender will not have to go through this process again.

On the other hand, imagine a spammer is trying to send out unsolicited bulk emails from a hijacked computer using a spoofed sender address. When the temporary error code is sent back from the recipient’s mail server, it is unlikely that another attempt will be made to send the spam email and move the envelope data from the greylist to the allowlist. So, the spam email is never delivered, and the intended recipient never even knows it existed.
Diagram showing how greylisting works
The legitmate email is delivered on the second attempt, while the spam email is never moved to the allowlist

Advantages and disadvantages of greylisting

Greylisting is an extremely simple and effective method of stopping mass spam attacks. The process requires no action from the user and legitimate emails are almost never lost. On the flip side, the time delays can sometimes make people wonder if their mail server is working properly or even think their emails aren’t arriving, when in fact they have only been delayed. And as we saw from our initial example, greylisting can occasionally be inconvenient when dealing with time-sensitive emails. However, most properly configured sender MTAs will resend the message promptly, so delays should be less than 10 minutes.

Greylisting FAQs

Still have questions? The mail.com blog has answers!

What is greylisting vs. blacklisting?

The main difference between a greylist and a blacklist (also known as a blocklist) is that greylisting is temporary. If an email is greylisted, it is only subject to a temporary block. A legitimate email will be resent by the remote server as described above, causing it to be moved from the greylist to the allowlist and delivered to the intended recipient on the second try. If your email lands on a greylist, you will probably never even know; the temporary error message and the resending are all handled automatically by the mail servers and your message will arrive in your recipient’s inbox after a slight delay. A blocklist is a different process entirely – as the name indicates, a sender is completely blocked from sending emails to a recipient. The sender will receive an error message letting them know that their email could not be delivered, and the only way to get an email through to the recipient is to get removed from the blocklist.

How long does greylisting last?

Your email will be on the receiving MTAs greylist until your mail server re-transmits it, at which point your data will be moved to the allowlist and your email will go through. The length of time between the initial error code and the second sending attempt will depend on the configuration of the mail servers. Many MTAs are set up to retry sending after 5, 10 or 15 minutes, so the delay should not be long.

How do I fix greylisting?

In most cases of greylisting, you do not have to do anything – your email will arrive after a brief delay. If you are encountering repeated and lengthy delays in email delivery due to greylisting, there is probably a problem with the configuration of the outgoing mail server. So as an email user, your best bet is to report the problem to your internet service provider (ISP), who will have to adjust the settings. If you have a specific email that has not been delivered, however, a quick fix is to simply to resend it from the same email address. If the delay is due to greylisting, resending your message manually will usually have the same effect as an automatic resend by your mail server.

We hope you found this glimpse behind the scenes of the spam-filtering process interesting. Please give us some feedback below!
Image: 1&1/Getty Images

Posted in

Email Spam

162 people found this article helpful.

Related articles

Why did my message bounce? The email header can tell you

What is SMTP? And how does SMTP authentication help fight spam?

What is a mailer daemon – and why did my email bounce back?