Greylisting

Temporarily blocking incoming email to distinguish spammers from legitimate senders

Greylisting (sometimes 'graylisting') is a technology where incoming email from unknown senders is bounced back with a temporary error, upon which legitimate senders will resend the email (which is then accepted and delivered), but many mass email tools used by spammers will not bother to do so and the email is never delivered.

More precisely, the receiving mail server looks at the triplet containing the IP address of the sender, the address of the sender and the address of the recipient. If this triplet is unknown, it will refuse the email by sending a SMTP 450 error ('temporary failure'). Following the email protocols, the sending SMTP server will retry to send the email after a short delay; this time the email is accepted and the triplet is whitelisted. Many spammers, however, will not retry and thus the email is never delivered.

Greylisting is an effective method of blocking spam: email blocked this way will never reach the recipient's system, thus saving considerable server space. Its main disadvantage is that the delivery of legitimate email might be delayed. Spam sent from legitimate domains, such as webmail tools, will not be blocked this way.

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

SMI Oil and Gas Cyber Security 2014

Jobs
In Virus Bulletin's jobs pages among others:

Virus Bulletin currently has 231,340 registered users.