Helping people with computers... one answer at a time.
•
Listen to the podcast: Greylisting -
another tool in the war against spam 
Transcript
We all know that spam's a huge problem. I know I certainly get more spam than real mail, though with various spam filters on my server and rules in my email client I'm able to weed most of it out. I do have the occasional false positive, but for that reason I actually archive every email I get, including the spam, on my mail server, just in case.
A client pointed me at something called "greylisting", which I recently implemented on his mail server. As the name implies, it's logically somewhere between whitelisting and blacklisting.
Whitelisting implies specifying who is allowed to send you email, and blacklisting just the opposite. Greylisting requires the sender to prove that they're a relatively well-behaved mail server, in at least one respect, before mail is accepted.
When a mail server is asked to accept a piece of email for delivery, the mail protocol allows it to respond with the equivalent of "not now, I'm too busy". The sender is then supposed to wait some amount of time, and attempt to send the mail again. Many spambots don't bother retrying. If the mail can't be sent, the bot simply moves on to it's next potential victim.
Greylisting maintains a database of who's attempted to send mail. Typically the To, From and IP addresses of each email are tracked. The first time a unique combination of To, From and IP are found, the server responds with "I'm too busy". When the sender retries later, greylisting notices that they're already in the database, and allows the mail through. And the tracking is cumulative: within limits, once a To/From/IP combination has proven itself valid, it is no longer subject to the greylisting delay.
My client reports a 90% reduction in spam. That's pretty significant.
My concerns with the technique were twofold: there are known valid email agents that do not handle the "I'm too busy" status properly, and will bounce the email back to the sender instead of retying. Those seem to be few, however. And, as the technique grows in popularity, it seems likely that spammers will counter with smarter spambots that behave properly.
Until then, however, greylisting seems to be an effective technique. Remember, though, it's not something you can use on your mail client, it's a mail server technique. You can find out more at greylisting.org.
I'd love to hear from you. This is article 9461 - to leave a comment, go to askleo.info, enter 9461 in the go to article number box, and add your comments to the discussion.
This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of technical questions and their answers are posted online and ready to help solve your computer problems. * New questions and answers are added daily.
That's askleo.info.
Article C2468 - November 23, 2005
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.