DELIVTERMS: Greylisting


DELIVTERMS: The weekly series here on Spam Resource that defines deliverability terminology. Today, I'm going to talk about Greylisting.

What is it? Greylisting is where an ISP or mailbox provider configures their mail server to temporarily delay incoming email. Usually not long -- perhaps for only 60 seconds to a few minutes.

How? Mail servers that support this have a setting where they track server connections. If it's the first time a certain server or domain connects to them, they defer (temporarily reject) that connection or address with a 4xx temporary failure. This invites the sending server to try again later. Most sending mail servers have a "retry interval" setting that governs how long until they retry. In some cases, it's 15 minutes, in other cases, a few hours. This can usually be configured by the administrator of the sending MTA.
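The defer-then-accept logic described above, sketched as an added example (not code from this post or from any particular mail server). It assumes the receiver keys its tracking on the connecting IP plus sender domain, replies with 451 as its 4xx code, and uses a 60-second minimum delay; the 4-hour retry window and 30-day memory are assumed values, and the addresses are constructed.

```python
from dataclasses import dataclass, field

MIN_DELAY = 60           # seconds a new server must wait (the post's "60 seconds" figure)
RETRY_WINDOW = 4 * 3600  # assumed: a retry must arrive within 4 hours of first contact
PASS_TTL = 30 * 86400    # assumed: a server that passed stays known for 30 days


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # key -> time of first deferral
    passed: dict = field(default_factory=dict)      # key -> time of last accepted mail

    def check(self, client_ip: str, sender_domain: str, now: float) -> tuple[int, str]:
        key = (client_ip, sender_domain.lower())
        # Known-good pair: accept immediately and refresh its lifetime.
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[key] = now
            return 250, "OK"
        self.passed.pop(key, None)
        first = self.first_seen.get(key)
        # Never seen, or the earlier attempt is too old to count as a retry.
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now
            return 451, "4.7.1 Greylisted, please try again later"
        # Retried too soon: keep deferring and do not reset the clock.
        if now - first < MIN_DELAY:
            return 451, "4.7.1 Greylisted, please try again later"
        # A proper queue-and-retry: promote to known-good.
        del self.first_seen[key]
        self.passed[key] = now
        return 250, "OK"


def simulate(attempt_times, client_ip="192.0.2.10", domain="example.com"):
    """Return the SMTP reply codes one sender gets for attempts at the given times (seconds)."""
    gl = Greylist()
    return [gl.check(client_ip, domain, t)[0] for t in attempt_times]


if __name__ == "__main__":
    print("MTA retrying after 15 min:", simulate([0, 900, 1000]))
    print("script hammering for 30 s:", simulate([0, 5, 30]))
    print("fire-and-forget sender:   ", simulate([0]))
```

The three runs show the cases the post contrasts: a queueing MTA gets through on its first scheduled retry, while a sender that retries immediately or never retries sees only 4xx replies.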

Why? It's a form of spam filtering. It is done to stop spam from spammers who are using non-traditional email infrastructure. Spammers using janky scripts or botnet-infected computers to shovel out mail don't usually have full mail server capabilities. They often can't queue up an email message for an easy retry in a few minutes. In a lot of cases, they just give up and never try that message again. Thus, the intended user never receives that piece of unwanted junk email.

Most "real" or "legitimate" sending infrastructure can handle this little "bump and retry" just fine. Thus, greylisting pretty much blocks unwanted mail only -- not wanted mail. Like many things in life, this can be a bit imperfect -- bad guys could certainly spam you through infrastructure that deals with this, if they wanted to. But many do not.

The upsides? As mentioned above, it blocks very little legit mail. And if it delays legit mail, it only does so for a short while, usually harmlessly.

The downsides? Those delays can be very, very annoying when you're waiting for a password reset email. Or if a "legit" sender's infrastructure is a bit broken and can't deal with the requirement to queue and retry the message. You could in theory lose a legitimate email message.

This really is a server level setting, so it's not something an individual user can use to filter spam to their Gmail or Hotmail account. You've got to be a nerd, running your own nerd email server, to enable greylisting and observe its effects first hand. (Or maybe your ISP could use it, but you'll never really see what's going on until the mail comes through, as ISPs and mailbox providers aren't really providing mail server logs and mail server status info to end users.)

And speaking of servers and nerds, greylisting is not universally loved by those administering servers that send big email volumes. Those little delays add up, and this means that senders end up with more mail in their mail queues for longer, using up disk space for longer, and slowing down email delivery.
