Greylisting
Anti-spam technique: Greylisting | |
---|---|
Date of first use: | early 2000s |
Effectiveness: | High |
Popularity: | Low, increasing |
Difficulty of implementation: | medium |
Where implemented: | MTA |
Harm: | {{{harm}}} |
Greylisting (AKA graylisting) is an extremely effective method against fly-by-night (i.e. chickenbone) spammers who use cracked PCs (botnets, for example) to send the spam. It is utterly ineffective against so called mainslease spam.
Greylisting operates by initially deferring incoming messages by giving a 451 (means: temporary error, try again later) response during the smtp protocol dialogue. The receiving MTA stores information about the attempted delivery (sender's IP address, envelope sender address, envelope recipient address), which is called the triplet.
If the new delivery attempt with the same tripled comes within the time window that the receiving MTA uses the message will be accepted. Often the triplets are stored for a while so that the next messages will get thru without delay.
While effective against certain kinds of spam, the technique has it's drawbacks:
- messages are initially delayed, possibly for days
- problems with outbound server pools
- unwanted interactions with servers doing callbacks
- unnecessary burden on the sending MTAs