Greylisting

Greylisting.org Acquisition

VPNReactor.com is delighted to announce the acquisition of the spam combatting advisory website GreyListing.org.

Greylisting.org has been, for some time, at the forefront of web and email spam fighting and has been quoted and referenced by multiple academic institutions as well as well-respected online resources.

Riley Marsden, Chief Editor of VPN Reactor said “we have been aware of the good work that GreyListing.org have been doing for the web community for some time and their mission ties in with what we’re trying to do here at VPN Reactor: make the web safer for everyone. We’re delighted to have them on board.”

For the uninitiated, here’s a snapshot of exactly what greylisting is and how it works.

What is Greylisting?

Greylisting is a method of defending email users from spam emails by figuring out whether the email is coming from a legitimate or suspicious sender. It’s carried out by a Mail Transfer Agent (MTA) or simply an email server.

A mail transfer agent (MTA) that employs greylisting will temporarily reject any suspicious email from a sender it doesn’t recognize. It will request that the originating email server try to resend the email after a certain amount of time has elapsed.

This method is usually enough to stop actual spam. That’s because most mass spammers go through a massive number of email addresses but can’t afford the sophisticated features or the time delay to retry sending the email multiple times.

In contrast, a legitimate Simple Mail Transfer Protocol (SMTP) server will attempt sending a delayed email multiple times until the email is accepted.

How does email Greylisting work?

To understand how greylisting works, you should first acquaint yourself with how an email is sent. Emails delivered using the SMTP protocol are sent in units called envelopes. Each envelope contains the sender’s address, then the recipient’s address, then the actual body of the message.

A server using greylisting will cache three pieces of data called a “triplet” for every incoming email:

The sending server’s IP address
The envelope sender address
The envelope recipient address(es)

When an email arrives from an unknown sender with a triplet that has not been recorded before, the server initially blocks it. The server sends a temporary SMTP 4xx error code informing the sending server that the email has been “temporarily rejected.”

Since this is only a temporary delay, a legitimate SMTP server will try resending the email after a set period of time, unlike a non-RFC-compliant spamming server that won’t attempt sending the email again. The default delay for most servers is 15 minutes, although it can go up to a couple of hours.

If the sending server successfully manages to send the email again within the specified time limit, it will be identified as a non-spam source and be whitelisted for future emails. The sender’s IP address is also saved in the greylisting cache to ensure that the MTA will not interrupt any future emails from the same server.

The only caveat is that this entry is only saved for up to 24 hours. This means that unless the sender sends you emails frequently, they may have to go through the greylisting process again.
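The decision described above can be sketched as a small in-memory model; this is an added example, not code from Greylisting.org or any real MTA, and the `Greylist` class and its names are hypothetical. It assumes 451 as the concrete 4xx reply and that each accepted delivery restarts the sending IP's 24-hour clock.

```python
# Added illustration of the greylisting decision; not code from any real MTA.
MIN_DELAY = 15 * 60        # seconds before a retry is accepted (the page's default)
PASS_TTL = 24 * 60 * 60    # seconds a passed sending IP stays remembered

TEMPFAIL = (451, "Greylisted, please retry later")   # 451 chosen as the 4xx code
ACCEPT = (250, "OK")


class Greylist:
    """Hypothetical in-memory greylist keyed on the (IP, sender, recipient) triplet."""

    def __init__(self, min_delay=MIN_DELAY, pass_ttl=PASS_TTL):
        self.min_delay = min_delay
        self.pass_ttl = pass_ttl
        self.pending = {}      # triplet -> time of first delivery attempt
        self.passed_ips = {}   # sending IP -> time its entry expires

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        expiry = self.passed_ips.get(client_ip)
        if expiry is not None and now < expiry:
            # Known-good server: accept and (assumption) restart its 24 h clock.
            self.passed_ips[client_ip] = now + self.pass_ttl
            return ACCEPT
        self.passed_ips.pop(client_ip, None)   # drop an expired entry, if any

        triplet = (client_ip, mail_from, rcpt_to)
        first_seen = self.pending.setdefault(triplet, now)
        if now - first_seen < self.min_delay:
            # First attempt, or a retry that came back too soon.
            return TEMPFAIL

        # The server retried after the delay: treat it as legitimate.
        del self.pending[triplet]
        self.passed_ips[client_ip] = now + self.pass_ttl
        return ACCEPT


if __name__ == "__main__":
    # Constructed sample traffic: (time in seconds, IP, sender, recipient).
    gl = Greylist()
    attempts = [
        (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),
        (0,    "198.51.100.7", "promo@example.com", "bob@example.net"),
        (900,  "192.0.2.10",   "alice@example.org", "bob@example.net"),
        (1000, "192.0.2.10",   "carol@example.org", "bob@example.net"),
    ]
    for now, ip, sender, rcpt in attempts:
        print(now, ip, sender, gl.check(ip, sender, rcpt, now))
```

The sender at 198.51.100.7 never retries, so its message is never accepted, while the retrying server pays the delay once and then delivers freely until its entry lapses.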

Greylisting vs Blacklisting: what is the difference?

The difference between the two is quite simple and can be guessed from their names.

An email from a sender on your blacklist will never be allowed to go through, regardless of the number of attempts.

Conversely, greylisting only blocks the email from going through temporarily. As long as the sending server attempts to resend the email, you shouldn’t worry about the email falling through the cracks.

Advantages and Disadvantages of Greylisting

Greylisting has many advantages. Most importantly, it’s pretty straightforward to implement and requires no additional configuration from the users’ end. In fact, the user will only notice a delay upon receiving the first email from a sender, but this delay will help protect them from malicious senders and unidentified malware.

This method is also very cheap to implement as it uses fewer CPU and memory resources, unlike other power-intensive filtering methods.

However, despite its various advantages, it’s not without shortcomings. To illustrate, if your server uses greylisting, there’s no guarantee that your emails will arrive in your inbox in a reasonable amount of time.

This delay can be frustrating in most cases, but it can also be downright ineffective for time-sensitive emails such as password resets and account activation links. Some legitimate emails may even be wrongfully flagged as spam in rare cases, causing them to be lost.

Ultimately, greylisting is currently one of the best ways to fight email spam.