Greylisting, temporary issuer rejection

How does greylisting work?

When an e-mail is first received by a server using greylisting, the server returns a temporary error message indicating that delivery is delayed. Legitimate mail servers usually retry delivery after a certain delay, in accordance with SMTP protocol standards. When the legitimate server retries delivery, the mail server applies a temporary whitelist to accept the e-mail. This means that subsequent e-mails from the specific sender are accepted without further delay.

Is greylisting effective in reducing spam?

Greylisting can be effective in reducing spam, as many spam servers are not configured to retry delivery after a specified delay. However, some spam servers can be configured to bypass greylisting by retrying delivery, which reduces its effectiveness.

What are the differences between greylisting and blacklist or rule-based filtering?

Greylisting:

• Greylisting uses a temporal approach to filtering e-mails. Initial e-mails from unknown senders are temporarily rejected, prompting spam servers to retry delivery.
• Legitimate mail servers usually retry delivery after a certain delay, while spam servers tend not to.
• Greylisting is not based on blacklists or specific rules, but rather on the behavior of mail servers when they attempt to deliver e-mails.

Blacklist-based filtering:

• Blacklist-based filtering uses databases of servers or IP addresses known to be associated with spam.
• E-mails from these IP addresses are blocked or marked as spam.
• Blacklists are maintained by specialized organizations and are regularly updated to include newly identified spam servers.

Rules-based filtering:

• Rules-based filtering uses specific criteria to identify unwanted e-mails.
• Rules can include keywords, regular expressions, specific headers and so on.
• E-mails matching the filtering criteria are blocked or marked as spam.

The main differences between these techniques lie in their approach and filtering mechanism:

• Greylisting is based on the behavior of mail servers when delivery is attempted.
• Blacklist-based filtering relies on pre-established databases of known IP addresses of spam servers.
• Rule-based filtering uses specific criteria to identify unwanted e-mails.

It should be noted that these techniques can be used in combination to provide more comprehensive protection against spam and junk e-mail, as is the case with Altospam.

Examples

Example of an SMTP transaction ending with a temporary rejection (Greylisting):
z03:~# telnet c03.altospam.com 25
220 c03.altospam.com ESMTP
helo toto.com
250 “HELO OK.”
mail from: toto@toto.com
250 “MAIL FROM OK.”
rcpt to: toto@titi.com
250 “RCPT TO OK.”
data
354 Enter message, ending with “.” on a line by itself
Subject: Test
Test
.
451 [FR] Hello, your message has been temporarily refused. Your me
ssage server will resend it automatically. Your recipient should receive your
your email in a few minutes. [EN] Hello, your message was temporarily refused
d. Your mail server will resend it automatically. Your recipient should receiv
e your email in a few minutes. >>> //www.altospam.com/
quit
221 c03.altospam.com closing connection

Altospam applications

In ALTOSPAM, Greylising is used as a last resort, only when conventional analysis has failed to determine whether or not the message is spam. This avoids latency in the receipt of emails, as well as a decision based on a single analysis criterion.

Further information

• Article on how Greylisting works and how it is integrated into ALTOSPAM
• Greylisting explained by an IT security expert
• Original article on Greylisting
• Overview of anti-spam technologies