Greylisting

Temporarily blocking incoming email to distinguish spammers from legitimate senders

Greylisting (sometimes 'graylisting') is a technology where incoming email from unknown senders is bounced back with a temporary error, upon which legitimate senders will resend the email (which is then accepted and delivered), but many mass email tools used by spammers will not bother to do so and the email is never delivered.

More precisely, the receiving mail server looks at the triplet containing the IP address of the sender, the address of the sender and the address of the recipient. If this triplet is unknown, it will refuse the email by sending a SMTP 450 error ('temporary failure'). Following the email protocols, the sending SMTP server will retry to send the email after a short delay; this time the email is accepted and the triplet is whitelisted. Many spammers, however, will not retry and thus the email is never delivered.

Greylisting is an effective method of blocking spam: email blocked this way will never reach the recipient's system, thus saving considerable server space. Its main disadvantage is that the delivery of legitimate email might be delayed. Spam sent from legitimate domains, such as webmail tools, will not be blocked this way.

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 23 comments

AusCert2014

VB2014
VB2014 VB2014 will take place 24 - 26 September 2014 at the Westin Seattle hotel, Seattle, WA, USA.

Virus Bulletin currently has 231,292 registered users.