Fight spam with Greylisting


Strength in numbers, even with Greylisting

There are many anti-spam techniques available, and a combination of different techniques can produce highly satisfactory results. One of them, in vogue in recent months, is called “greylisting”. We will discuss this concept in this document.

A solution against spam!

Greylisting was proposed by Evan Harris in his article “The Next Step in the Spam Control War: Greylisting” [1] (translated into French by B&A Consultants [2]). This technique was developed to combat spam, but also works against viruses transmitted by e-mail. Greylisting is a method that needs to be implemented directly on your company’s mail server. In its basic form, it temporarily rejects all mail arriving on your mail server.

Today’s results show that implementing a greylisting solution considerably reduces the number of spam messages received, while avoiding false positives (see statistics [3]). The number of spam messages can be divided by 10 and the number of viruses by 20!

How greylisting works

A triplet identified by the IP address of the sending server, the sender’s e-mail address and the recipient’s e-mail address is associated with each e-mail.

If the triplet appears for the first time, the mail server returns a 4xx code (temporary refusal) to the remote SMTP server. If this server is a real SMTP server, it will queue the mail and resend it later. If the triplet reappears after a certain time (configurable, allow between 15 minutes and half an hour), the message is accepted and the triplet is whitelisted.

If the email is resent before this time, it will be temporarily refused again. After a certain delay (4 or 5 hours), greylisted triplets are deleted. In addition, a whitelist reset is recommended periodically (between 1 week and 1 month).
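
The triplet logic described above, as an added Python example (not code from the original article or from any greylisting product). The class and constant names and the reply texts are assumptions; the 15-minute, 5-hour and 30-day values are picked from the ranges given above, and the periodic whitelist reset is modelled here as a per-entry expiry.

```python
from dataclasses import dataclass, field

MIN_DELAY = 15 * 60          # a retry only counts after this many seconds
GREY_TTL = 5 * 3600          # unconfirmed triplets are forgotten after this
WHITE_TTL = 30 * 24 * 3600   # assumption: per-entry expiry replaces the periodic reset

TEMPFAIL = "450 4.7.1 Greylisted, please retry later"   # constructed reply text
ACCEPT = "250 2.0.0 OK"                                  # constructed reply text


@dataclass
class Greylist:
    grey: dict = field(default_factory=dict)    # triplet -> time first seen
    white: dict = field(default_factory=dict)   # triplet -> time whitelisted

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender, recipient)

        # Known triplet: accept while its whitelist entry is still fresh.
        stamped = self.white.get(key)
        if stamped is not None:
            if now - stamped <= WHITE_TTL:
                return ACCEPT
            del self.white[key]

        first_seen = self.grey.get(key)
        # Never seen, or the greylist entry expired: start the clock (again).
        if first_seen is None or now - first_seen > GREY_TTL:
            self.grey[key] = now
            return TEMPFAIL

        # Retried too early: refuse again and keep the original timestamp.
        if now - first_seen < MIN_DELAY:
            return TEMPFAIL

        # Retried inside the window: promote the triplet to the whitelist.
        del self.grey[key]
        self.white[key] = now
        return ACCEPT
```

The timestamp is passed in rather than read from the clock so the behaviour at each boundary (too early, in window, expired) can be replayed deterministically.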

Limits and drawbacks

Unfortunately, this method has its imperfections. Greylisting introduces a delay between the sending of a message and its reception by the recipient during the first exchanges or after resets.

What’s more, because of the way it works, messages are presented to your mail server several times, which can saturate it and tie up bandwidth. Some spam servers are able to bypass this technology by periodically re-emitting undelivered spam.

Strength in numbers

To avoid this type of drawback, one technique used by the outsourced anti-spam service Altospam [4] is to combine greylisting with standard spam filtering solutions such as heuristic analysis, the use of RBLs or spam databases, the use of Bayesian filters or a combination of these techniques.

The advantage of such a solution is that it only greylists messages that are difficult to identify as spam or ham. Legitimate messages will be received directly by their recipients, reliably identified spam will be refused or rejected, and ambiguous emails will have to pass the greylisting test.

References & Internal links

[1] The Next Step in the Spam Control War: Greylisting – Evan Harris – http://projects.puremagic.com/greylisting/whitepaper.html
[2] A new step in spam control: Greylisting – B&A Consultants
[3] Postgrey – Postfix Greylisting Policy Server – https://postgrey.schweikert.ch/
[4] Altospam: outsourced antispam gateway – https://www.altospam.com/
