Greylisting - Another tool in the war against spam

Home » Podcasts » 2005 Podcasts

A client turned me on to a relatively new, and effective, anti-spam tool.

•

Listen to the podcast: Greylisting - another tool in the war against spam

Transcript

We all know that spam's a huge problem. I know I certainly get more spam than real mail, though with various spam filters on my server and rules in my email client I'm able to weed most of it out. I do have the occasional false positive, but for that reason I actually archive every email I get, including the spam, on my mail server, just in case.

A client pointed me at something called "greylisting", which I recently implemented on his mail server. As the name implies, it's logically somewhere between whitelisting and blacklisting.

Whitelisting implies specifying who is allowed to send you email, and blacklisting just the opposite. Greylisting requires the sender to prove that they're a relatively well-behaved mail server, in at least one respect, before mail is accepted.

When a mail server is asked to accept a piece of email for delivery, the mail protocol allows it to respond with the equivalent of "not now, I'm too busy". The sender is then supposed to wait some amount of time, and attempt to send the mail again. Many spambots don't bother retrying. If the mail can't be sent, the bot simply moves on to it's next potential victim.

Greylisting maintains a database of who's attempted to send mail. Typically the To, From and IP addresses of each email are tracked. The first time a unique combination of To, From and IP are found, the server responds with "I'm too busy". When the sender retries later, greylisting notices that they're already in the database, and allows the mail through. And the tracking is cumulative: within limits, once a To/From/IP combination has proven itself valid, it is no longer subject to the greylisting delay.

My client reports a 90% reduction in spam. That's pretty significant.

My concerns with the technique were twofold: there are known valid email agents that do not handle the "I'm too busy" status properly, and will bounce the email back to the sender instead of retying. Those seem to be few, however. And, as the technique grows in popularity, it seems likely that spammers will counter with smarter spambots that behave properly.

Until then, however, greylisting seems to be an effective technique. Remember, though, it's not something you can use on your mail client, it's a mail server technique. You can find out more at greylisting.org.

Related:

• Ask Leo! - How do I get rid of all this SPAM?!?!

Article C2468 - November 23, 2005