(FAQ) What is Greylisting?
Greylisting is a new method of blocking spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristical approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver.
Greylisting relies on the fact that most spam sources do not behave in the same way as 'normal' mail systems. Although it is currently very effective by itself, it will perform best when it is used in conjunction with other forms of spam prevention.
The term Greylisting is meant to describe a general method of blocking spam based on the behavior of the sending server, rather than the content of the messages. Greylisting does not refer to any particular implementation of these methods. Consequently, there is no single Greylisting product. Instead, there are many products that incorporate some or all of the methods described here.
Greylisting got it's name because it is kind of a cross between black- and white-listing, with mostly automatic maintenance. A key element of the Greylisting method is this automatic maintenance.
The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a 'triplet' from now on) about any particular mail delivery attempt:
- The IP address of the host attempting the delivery.
- The envelope sender address.
- The envelope recipient address.
From this, we now have a unique triplet for identifying a mail 'relationship'. With this data, we simply follow a basic rule, which is:
If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.
Since SMTP is considered an unreliable transport, the possibility of temporary failures is built into the core spec (see RFC 821). As such, any well behaved message transfer agent (MTA) should attempt retries if given an appropriate temporary failure code for a delivery attempt.