What is Greylisting?
The Anti Spam engine in MailSite Collaborator 8 now includes Greylisting. If enabled Greylisting provides another defense against spam along with the Spam scanning engine. Greylisting is only available to customers that have a Anti Spam subscription for MailSite Collaborate 8 and later.
Greylisting works by intentionally deferring messages. It is based on the assumption that most servers/bots etc sending spam do not reattempt delivery of a message when it has been deferred with a 4XX error. A correctly configured mail server will try delivering the message at a later time.
When a message is first sent, MailSite will defer the message with the following error:
“451 4.7.1 Transaction is greylisted for 1200 seconds. Search the internet for 'greylisting' if you don't know what this means.”
This tells the remote mail server that the message cannot be accepted at this time. Most spam servers will at this point discard the message and will not retry. Holding messages to deliver at a later date incurs cost in terms of storage and bandwidth, so it is cheaper for spammers just to ignore and move on.
A correctly configured mail server will hold the message in a queue and retry at a later time according to the retry schedule on that server. When MailSite sends messages to remote servers it follows the retry schedule as defined in the ‘Elapsed Time Schedule’ found in the MailSite console under ‘Schedules’.
As shown above this transaction example, has been greylisted for 1200 seconds. This size of this deferring period is configurable from the MailSite Console.
MailSite stores Greylisting information in sets called ‘triplets’. This consists of the IP address, the Sender and Recipient (both from the SMTP envelope). After the first attempt MailSite ‘Greylists’ that triplet. If another attempt is made to send the message within the 1200 seconds from the same triplet, the message will still be deferred.
The message will be accepted only after the 1200 seconds has elapsed and before a Greylist expire time (which are both configured in the ‘MailSite Console > Filtering > MailShell Anti Spam Filter > Greylisting’). Once an reattempt has been made from the remote server after the 1200 seconds then MailSite will add the 'triplet' to a whitelist. Any subsequent emails sent from particular 'triplet' will not be subjected to greylisting. The entries within the whitelist will remain there until the GreyList Expiry time has been reached. This value can be configured within the MailSite console. After the 'triplet' has been purged from the whitelist, any subsequent attempt to send a message to MailSite will have to go through the greylisting procedure.
If another user from the remote server sends a message to MailSite, then this 'triplet' will also be subject to Greylisting as the Sender address will be different.
More in-depth explanations on Greylisting can be found with a Internet search.
Last revised 2008-7-1