Greylisting

From ASRG
Revision as of 17:04, 16 January 2008 by Punkki (talk | contribs) (New page: {{ast |date=early 2000s |difficult=medium |popular=Low, increasing |effective=High |where=MTA }} Greylisting (AKA graylisting) is an extremely effective method against fly-by-night (i.e. ...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
Anti-spam technique: Greylisting
Date of first use: early 2000s
Effectiveness: High
Popularity: Low, increasing
Difficulty of implementation: medium
Where implemented: MTA
Harm: {{{harm}}}


Greylisting (AKA graylisting) is an extremely effective method against fly-by-night (i.e. chickenbone) spammers who use cracked PCs (botnets, for example) to send the spam. It is utterly ineffective against so called mainslease spam.

Greylisting operates by initially deferring incoming messages by giving a 451 (means: temporary error, try again later) response during the smtp protocol dialogue. The receiving MTA stores information about the attempted delivery (sender's IP address, envelope sender address, envelope recipient address), which is called the triplet.

If the new delivery attempt with the same tripled comes within the time window that the receiving MTA uses the message will be accepted. Often the triplets are stored for a while so that the next messages will get thru without delay.

While effective against certain kinds of spam, the technique has it's drawbacks:

  • messages are initially delayed, possibly for days
  • problems with outbound server pools
  • unwanted interactions with servers doing callbacks
  • unnecessary burden on the sending MTAs