Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Greylisting – Another tool in the war against spam

A client turned me on to a relatively new, and effective, anti-spam tool.

Become a Patron of Ask Leo! and go ad-free!

Transcript

We all know that spam’s a huge problem. I know I certainly get more spam than real mail, though with various spam filters on my server and rules in my email client I’m able to weed most of it out. I do have the occasional false positive, but for that reason I actually archive every email I get, including the spam, on my mail server, just in case.

A client pointed me at something called “greylisting”, which I recently implemented on his mail server. As the name implies, it’s logically somewhere between whitelisting and blacklisting.

Whitelisting implies specifying who is allowed to send you email, and blacklisting just the opposite. Greylisting requires the sender to prove that they’re a relatively well-behaved mail server, in at least one respect, before mail is accepted.

When a mail server is asked to accept a piece of email for delivery, the mail protocol allows it to respond with the equivalent of “not now, I’m too busy”. The sender is then supposed to wait some amount of time, and attempt to send the mail again. Many spambots don’t bother retrying. If the mail can’t be sent, the bot simply moves on to it’s next potential victim.

Greylisting maintains a database of who’s attempted to send mail. Typically the To, From and IP addresses of each email are tracked. The first time a unique combination of To, From and IP are found, the server responds with “I’m too busy”. When the sender retries later, greylisting notices that they’re already in the database, and allows the mail through. And the tracking is cumulative: within limits, once a To/From/IP combination has proven itself valid, it is no longer subject to the greylisting delay.

My client reports a 90% reduction in spam. That’s pretty significant.

My concerns with the technique were twofold: there are known valid email agents that do not handle the “I’m too busy” status properly, and will bounce the email back to the sender instead of retying. Those seem to be few, however. And, as the technique grows in popularity, it seems likely that spammers will counter with smarter spambots that behave properly.

Until then, however, greylisting seems to be an effective technique. Remember, though, it’s not something you can use on your mail client, it’s a mail server technique. You can find out more at greylisting.org.

I’d love to hear from you. This is article 9461 – to leave a comment, go to askleo.info, enter 9461 in the go to article number box, and add your comments to the discussion.

This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of technical questions and their answers are posted online and ready to help solve your computer problems. * New questions and answers are added daily.

That’s askleo.info.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.