You have probably heard of blacklisting, where access to a service is denied to a group of entities. And you have heard of whitelisting, where access is exclusively granted to a group of entities, possibly bypassing normal protection measures. So, what would greylisting mean?
What is greylisting – generally speaking?
In the context of e-mail, greylisting is a term describing a procedure used to protect your e-mail from unwanted messages.
How do you recognize spammers?
Spammers often send messages to generic email addresses. They do not have a database of subscribers, but rather ‘shoot in the dark’ – aiming for commonly used names and prefixes such as Anna@… or mail@… created on popular domain names. The majority of the recipients do not even exist. The result is spam senders get a lot of bounce-back messages and non-deliverables. The spamming server will not attempt to send the message again as it does not do any kind of error checking.
How do normal outgoing mail servers differ?
Here lies the difference with a normal outgoing mail server – unlike a spammer, for a normal server a failure to send a message would be a cause for concern. That normal server will try to resend the message automatically (without necessarily notifying the user) 7 minutes later, then another 7 minutes, then a couple hours later and so on.
The greylisting technique
Greylisting recognizes that difference in behavior between different outgoing mail servers and changes the behavior of the incoming server. When someone sends you a message for the first time, the greylisting server will reject it automatically and wait for a retry. If a second such message appears, your server will know it was not sent by a spammer, and will accept the message. Moreover, it will put it on a temporary whitelist. The more messages you successfully receive from that sender, the more trusted they will be from your server.
Does $$BrandName$$ support greylisting?
Greylisting is a technique, very successful at filtering spam – a rule, integrated at an infrastructural level which cannot be enabled or disabled individually per account. All major providers use greylisting nowadays, including $$BrandName$$.