WebsiteKnowledge Base

What Is Greylisting?

Greylisting is a mechanism used by mail servers to filter out mail from spam bots.

It utilizes the Simple Mail Transport Protocol's (SMTP) built in ability to handle temporary failures in mail delivery to force computers that are delivering mail to prove that they are mail servers and not simply a spam bot.

How our implementation works:

We understand that mail delays can be problematic, so our Greylisting system will by default only Greylist mail for 3 minutes. There are some exceptions.

Forward-confirmed reverse DNS

If the reverse dns on the IP address of the connecting computer does not have properly configured DNS for it, then the mail is subject to a 2 hour greylist entry.

To pass forward-confirmed reverse dns, the IP address of the connecting server simply must have a name associated with the IP address and when looking up that name it must resolve back to the IP address.

This simple check both confirms that the operator of this server has basic knowledge of dns protocol and is something that spammers routinely ignore configuring when setting up their spam bots on their newly acquired/hijacked IP space.

Common domain with SPF record match

Common mail services that publish SPF records will not be greylisted.

Internal SPAM lists

We have some internal lists that we use to greylist for longer times based on highly likelihood of spam from the sending server. The greylist delay for messages from these servers will vary based on severity of SPAM reputation.

Successfully passing Greylisting

Once a sending server has passed greylisting a few times it will be added to a semi-permanent list that is allowed to deliver mail with no further delays.

What does it mean that the email was Greylisted?

A mail server is Greylisted by temporarily deferring the email message. This is done by sending an SMTP response of 450 which means the sending server is required, by SMTP standards, to retry mail delivery at a later time.

Mail Delivery Standards

Greylisting is based upon accepted internet standards for mail delivery and the Simple Mail Transport Protocol as defined by RFC2128. This document explains temporary failure and retry strategies (Section 4.5.4 Retry Strategies) which document how often a sending server should reattempt delivery of a temporarily deferred message.

Failure to pass Greylisting

The vast majority of mail that fails to pass greylisting is simply spam. This is because greylisting is based upon the built in fault tolerance of SMTP. Occasionally a legitimate piece of mail will be returned to the sender as a result of the sending server not complying with SMTP standards. This is unfortunate, but we've found it's less than 0.05% of mail that is greylisted that this happens to. In the event this has happened the sender should talk to their mail server administrator and request that they correct their mail server to comply with accepted internet standards for mail delivery as defined in RFC2821.