What is Greylisting?
Knowledge Base > FAQ's > What is Greylisting?
By Jeroen van Meeuwen on September 17, 2017

Greylisting is a measure taken to reduce unsolicited email (SPAM).

When an email delivery attempt is made, we know the sending server’s IP address, the envelope sender address, and the envelope recipient addresses. If this is a previously unseen combination of facts, the delivery attempt will fail with an error message that indicates a temporary error — the sending server is responsible for trying again later.

Email delivery for previously unknown patterns is delayed for at least 5 minutes.

Normally, a sending server will retry delivery;

  • Immediately, against another SMTP server listed in the MX records for the domain, where it is still temporarily blocked — this is known as an early reconnect,
  • Within approximately 30 minutes, at which point the message would be accepted.

Some infrastructures take some time to display the same pattern — these are usually distributed cloud services, sourcing its senders from many IP subnets.

Illegitimate implementations of the SMTP client stack (i.e. spam-bots) will forego subsequent delivery attempts — they often do not maintain a spool. This is why greylisting is effective. Furthermore, spam networks allegedly avoid spamming infrastructures with greylisting in place.

Over the course of time sender domains that recur often, are considered exempt from whitelisting in its entirety, and no further delays are mandated.

When we analyze the effectiveness of the logs (about what was delayed, how, when and for how long), we find these services and add them to a list exempt from greylisting.

See Also

Tags: Tags: ,