What is greylisting?

Greylisting is a method used in email management to combat spam. It operates by temporarily rejecting emails from unknown senders. An article titled, Measuring the Role of Greylisting and Nolisting in Fighting Spam, states, “The main idea of nolisting and greylisting is that the lack of compliance to standards can be used to prevent malware from delivering the spam messages in the first place.” When a mail server receives an email from a sender for the first time, it doesn't immediately deliver the message. Instead, the server returns a temporary error, prompting the sending server to try again later. This delay is a strategic move, as legitimate email servers will typically retry sending the email after a short period.

How does greylisting work?

• Email reception: When an email server receives a message from an unknown sender (i.e., a sender who has not communicated with the recipient before), the greylisting process is triggered.
• Temporary rejection: Instead of accepting or permanently rejecting the email, the receiving server sends back a temporary error message to the sender. This message typically follows the SMTP protocol standards and indicates that the email could not be delivered at that moment but may be accepted if resent later.
• Recording sender information: The greylisting system records key details about the incoming email, such as the sender's IP address, the envelope sender's email address, and the recipient's email address.
• Wait period: The sender's server, upon receiving the temporary rejection, enters a wait period before attempting to resend the email. Legitimate email servers are programmed to retry sending emails after a delay – commonly around 15 minutes.
• Resending attempt: After the waiting period, the legitimate sending server attempts to resend the email.

See also: What are soft bounces?

Criteria for greylisting

The criteria or conditions that typically trigger the greylisting of an email can vary depending on the specific implementation of the greylisting system. However, most systems use a combination of the following factors:

• Sender's IP address
• Envelope sender's email address
• Multiple recipient email address detected
• Combination of sender IP and recipient email
• First-time communication
• Flagged email headers and content (less Common)
• Frequent of emails
• Untrustworthy or questionable server's reputation
• Non-compliance with SMTP protocol

See also: HIPAA Compliant Email: The Definitive Guide

Role of SMTP in greylisting

When a greylisting system temporarily rejects an email from an unknown sender, it communicates this rejection to the sender's server using an SMTP error code. This error code, typically in the 4xx range, indicates a temporary issue. According to SMTP standards, a legitimate email server receiving this code understands it as a temporary failure and is programmed to retry sending the email after a delay. 

This delay is not explicitly defined by SMTP but is commonly set to around 15 minutes by most email servers. The retry mechanism is thus an integral part of SMTP's handling of email delivery issues. When the sending server retries after the designated waiting period, the greylisting system, recognizing the attempt as compliant with SMTP protocol, is more likely to allow the email through, distinguishing legitimate senders from spammers who typically do not follow up on temporary rejections.

Impact on email delivery time

While greylisting effectively filters out spam by exploiting the lack of retry attempts from spam servers, it also temporarily slows down the delivery of legitimate emails, especially when communication is first attempted between the sender and the recipient. 

See also: What are whitelisting and blacklisting?

FAQs

How does HIPAA compliant email help avoid greylisting?

HIPAA compliant email typically uses trusted and verified email servers that are less likely to be greylisted by other email providers due to their adherence to security standards.

What is the difference between greylisting and blacklisting?

Greylisting temporarily blocks incoming emails from unknown senders to deter spam, whereas blacklisting permanently blocks emails from senders identified as sources of spam or malicious content.

What is an IP address?

An IP address is a unique string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over a network.