What Is Greylisting?
Answer:

Greylisting is a mechanism used by mail servers to filter out mail from spam bots. It uses the Simple Mail Transfer Protocol's (SMTP) built-in ability to handle temporary failures in mail delivery to force computers that are delivering mail to prove that they are mail servers and not simply spam bots.

How our implementation works:

We understand that mail delays can be problematic, so we've implemented a fair Greylisting system that does not greylist all emails. Only mail being delivered from servers that fail to pass a few simple tests will be subject to the Greylisting system.

Forward-confirmed reverse DNS

If the IP address of the connecting computer does not have properly configured reverse DNS, then the mail is subject to greylisting. Servers failing this check are subject to a 2 hour greylist entry. To pass forward-confirmed reverse DNS, the IP address of the connecting server simply must have a name associated with it, and looking up that name must resolve back to the same IP address. This simple check confirms that the operator of the server has basic knowledge of the DNS protocol, and it is something that spammers routinely neglect to configure when setting up their spam bots on their newly acquired/hijacked IP space.

IP Space Check

Once a connection has passed the Forward-confirmed reverse DNS check, a simple IP Space check is performed. Here our system checks whether the IP address of the connecting server is the same as one of the servers listed as MX for the sender's domain or, if there is no MX, whether it is the same as the IP address for the domain name itself. It also checks whether the connecting server is located within the same (/24) subnet as one of the previously retrieved IP addresses. If any of those criteria match, then the connecting server will not be greylisted.

IP Organization Check

If the IP address of the sending server has not yet been excluded from greylisting, we then check whether the Organization listed as the owner of the IP address used to send the email matches the Organization that owns the IP address obtained in the previous IP Space Check.

No successful matches

If no criteria have been met at this point, a 3 minute greylist entry is created.

What does it mean that the email was Greylisted?

A mail server is Greylisted by temporarily deferring the email message. This is done by sending an SMTP response of 450, which means the sending server is required, by SMTP standards, to retry mail delivery at a later time.

Mail Delivery Standards

Greylisting is based upon accepted internet standards for mail delivery and the Simple Mail Transfer Protocol as defined by RFC2821. This document explains temporary failures and retry strategies (Section 4.5.4 Retry Strategies), which describe how often a sending server should reattempt delivery of a temporarily deferred message.

Failure to pass Greylisting

The vast majority of mail that fails to pass greylisting is simply spam. This is because greylisting is based upon the built-in fault tolerance of SMTP. Occasionally a legitimate piece of mail will be returned to the sender as a result of the sending server not complying with SMTP standards. This is unfortunate, but we've found that this happens to less than 0.05% of mail that is greylisted. In the event this has happened, the sender should talk to their mail server administrator and request that they correct their mail server to comply with accepted internet standards for mail delivery as defined in RFC2821.
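
The sequence of checks described under "How our implementation works" can be sketched as a single decision function. This is an added example, not the provider's own code: the lookup tables are constructed stand-ins for live PTR, A, MX and IP-ownership queries, all names and addresses are made up, and only IPv4 is handled.

```python
import ipaddress
from datetime import timedelta

# Constructed lookup tables standing in for live PTR, A, MX and IP-ownership
# (WHOIS) queries; every name and address below is made up for the example.
PTR = {"192.0.2.10": "mx1.example.com", "192.0.2.55": "out.example.com",
       "198.51.100.7": "relay.example.com", "203.0.113.9": "host.example.org",
       "203.0.113.77": "fake.example.com", "198.51.100.20": "example.net"}
A = {"mx1.example.com": ["192.0.2.10"], "out.example.com": ["192.0.2.55"],
     "relay.example.com": ["198.51.100.7"], "host.example.org": ["203.0.113.9"],
     "fake.example.com": ["192.0.2.99"], "example.net": ["198.51.100.20"]}
MX = {"example.com": ["mx1.example.com"]}           # example.net has no MX
ORG = {"192.0.2.10": "Example Corp", "198.51.100.7": "Example Corp",
       "203.0.113.9": "Other Net"}

def fcrdns_ok(ip):
    """Forward-confirmed reverse DNS: IP -> name, and name -> same IP."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, [])

def sender_ips(domain):
    """Addresses of the sender domain's MX hosts, or of the domain itself if no MX."""
    hosts = MX.get(domain) or [domain]
    return [addr for host in hosts for addr in A.get(host, [])]

def same_slash24(ip, other):
    """True when both IPv4 addresses fall in the same /24."""
    net = ipaddress.ip_network(f"{other}/24", strict=False)
    return ipaddress.ip_address(ip) in net

def greylist_delay(ip, sender_domain):
    """Return the greylist entry duration, or None if the server is not greylisted."""
    if not fcrdns_ok(ip):
        return timedelta(hours=2)                  # failed FCrDNS
    known = sender_ips(sender_domain)
    if any(ip == k or same_slash24(ip, k) for k in known):
        return None                                # IP space check passed
    org = ORG.get(ip)
    if org is not None and any(org == ORG.get(k) for k in known):
        return None                                # IP organization check passed
    return timedelta(minutes=3)                    # no criteria met

if __name__ == "__main__":
    for ip in ["192.0.2.10", "192.0.2.55", "198.51.100.7", "203.0.113.9", "203.0.113.50"]:
        print(ip, greylist_delay(ip, "example.com"))
```

A server that receives a delay would be answered with the 450 temporary deferral until the entry expires.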