Greylisting – A novel but controversial way to reduce spam

Greylisting is a technique to reduce spam that works by giving a temporary failure to new mail hosts and allowing them to deliver once they wait for 10 minutes or so. It works because most spam senders are either spambots or other spam programs, which tend not to behave anything like a real MTA and will not attempt to redeliver after a failed attempt, or they are open relays. These days most open relays are listed in RBLs, so they are far less effective. Normal, well-behaved MTAs will redeliver the mail within 4 hours and be added to a whitelist forever.

Whoever thought up this approach was clever – the side effects are minimal and it reduces spam dramatically. However, I still have two major concerns with it: it is RFC bending and it delays real mail. Greylisting creates somewhat unnecessary strain on good hosts by making them queue all mail until they are whitelisted. This is somewhat rude behaviour, and many people rely on the speed of their email.

There is also the question of the width of the netblock that should be added to the whitelist (see the debian-devel mailing list for a discussion of this issue). In theory it's possible that good hosts would not be able to deliver if they used a farm of SMTP servers with a wide range of IP addresses. In practice this is not really an issue because such hosts do not really exist, but it's certainly something that raises a flag about the dangers of messing with established protocols.
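The greylisting decision and the netblock-width question described above can be seen in a small model. This is an added example, not code from the original post or from any particular greylisting daemon; the `Greylist` class, the prefix lengths, and the use of 4 hours as the expiry for a first-seen record are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress

DELAY = 10 * 60          # new senders must wait this long (the "10 minutes or so")
RETRY_WINDOW = 4 * 3600  # assumption: forget a first attempt not retried within 4 hours


class Greylist:
    """Toy greylist keyed on the sender's netblock (hypothetical, IPv4 only)."""

    def __init__(self, prefix_len):
        self.prefix_len = prefix_len  # 32 = per host, 24 = per /24 netblock
        self.pending = {}             # netblock -> time of first attempt
        self.whitelist = set()        # netblocks that retried correctly

    def check(self, ip, now):
        """Return the SMTP reply code: 250 (accept) or 451 (temporary failure)."""
        block = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        if block in self.whitelist:
            return 250
        first = self.pending.get(block)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[block] = now  # new (or expired) sender: start the clock
            return 451
        if now - first < DELAY:
            return 451                 # retried too soon
        del self.pending[block]
        self.whitelist.add(block)      # behaved like a real MTA: whitelist it
        return 250


def simulate(prefix_len, attempts):
    """Feed (ip, seconds) delivery attempts through one greylist instance."""
    gl = Greylist(prefix_len)
    return [gl.check(ip, t) for ip, t in attempts]


# Constructed sample: one sending farm that retries from a different
# outbound server each time, all inside the same /24.
FARM = [("192.0.2.10", 0), ("192.0.2.77", 900),
        ("192.0.2.140", 1800), ("192.0.2.10", 20000)]

if __name__ == "__main__":
    print("/24 whitelist:", simulate(24, FARM))
    print("/32 whitelist:", simulate(32, FARM))
```

With a per-host (/32) key every attempt from the farm is deferred, while a /24 key lets the second attempt through and whitelists the whole block.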

In general it's a highly effective technique for those who are getting hammered by spam. For others, in combination with RBLs (e.g. greylisting only hosts from wide RBLs), it can be another tool in a comprehensive arsenal.
