What is Greylisting?
Greylisting, is a method of defending e-mail users against spam. Typically, a server employing greylisting will record the three pieces of data known as a “triplet” for each incoming mail message:
* The IP address of the connecting host
* The envelope sender address
* The envelope recipient address
This is checked against the mail server’s internal database. If this triplet has not been seen before (within some period), the email is greylisted for a short time (typically 300 secs), and it is refused with a temporary rejection. The assumption is that since temporary failures are built into the RFC specifications for email delivery, a legitimate server will attempt to connect again later on to deliver the email.
Greylisting is effective because many mass email tools used by spammers will not bother to retry a failed delivery, so the spam is never delivered. When a spammer does retry a delivery after the waiting period has expired, however, it will likely be after a number of automated honeypots have detected the spam source and listed both the source and the particular message in their databases. Thus, these subsequent attempts are more likely to be detected as spam by other mechanisms than they were at first.
Tags: anti-spam, greylisting Posted in