Greylisting, temporary sender rejection

What is greylisting?

Definition of GREYLISTING

Greylisting is an anti-spam technique that consists of temporarily rejecting a message, by sending a temporary refusal code to the sending server. The latter, in compliance with the SMTP protocol, must resend the e-mail after a few minutes – most spam servers don’t bother!

Legitimate mail servers are configured to retry delivery after a certain delay, whereas spam servers tend not to. So greylisting allows you to filter out some of the spam by forcing spam servers to retry delivery.


How does greylisting work?

When an e-mail is first received by a server using greylisting, the server returns a temporary error message indicating that delivery is delayed. Legitimate mail servers usually retry delivery after a certain delay, in accordance with SMTP protocol standards. When the legitimate server retries delivery, the mail server applies a temporary whitelist to accept the e-mail. This means that subsequent e-mails from the specific sender are accepted without further delay.
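
The accept-on-retry logic described above, as an added example that is not Altospam's code: a minimal decision function keyed on the (client IP, envelope sender, recipient) triplet, a common greylisting key that this page does not specify. The `Greylist` class and the three timing constants are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed timings (not from the page); real deployments tune these.
MIN_DELAY = 300              # a retry sooner than 5 minutes is still deferred
RETRY_WINDOW = 4 * 3600      # a retry must arrive within 4 hours of first sight
PASS_LIFETIME = 36 * 86400   # how long a sender that passed stays whitelisted


@dataclass
class Entry:
    first_seen: float
    passed_at: Optional[float] = None   # set once the sender retried correctly


class Greylist:
    """Greylisting decision keyed on (client IP, envelope sender, recipient)."""

    def __init__(self):
        self.entries = {}

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        entry = self.entries.get(key)

        if entry and entry.passed_at is not None:
            if now - entry.passed_at <= PASS_LIFETIME:
                entry.passed_at = now        # refresh the whitelist on each use
                return 250
            entry = None                     # whitelist entry has expired

        if entry is None or now - entry.first_seen > RETRY_WINDOW:
            # Unknown sender, or the retry came too late: record it and defer.
            self.entries[key] = Entry(first_seen=now)
            return 451

        if now - entry.first_seen < MIN_DELAY:
            return 451                       # retried too quickly, keep deferring

        entry.passed_at = now                # proper retry: whitelist and accept
        return 250
```

A sender that never retries simply leaves an entry with no `passed_at`, so its message is never accepted; a sender that does retry pays the delay only once per whitelist lifetime.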

Is greylisting effective in reducing spam?

Greylisting can be effective in reducing spam, as many spam servers are not configured to retry delivery after a specified delay. However, some spam servers can be configured to bypass greylisting by retrying delivery, which reduces its effectiveness.

What are the differences between greylisting and blacklist or rule-based filtering?

Greylisting:

  • Greylisting uses a temporal approach to filtering e-mails. Initial e-mails from unknown senders are temporarily rejected, which requires the sending server to retry delivery.
  • Legitimate mail servers usually retry delivery after a certain delay, while spam servers tend not to.
  • Greylisting is not based on blacklists or specific rules, but rather on the behavior of mail servers when they attempt to deliver e-mails.

Blacklist-based filtering:

  • Blacklist-based filtering uses databases of servers or IP addresses known to be associated with spam.
  • E-mails from these IP addresses are blocked or marked as spam.
  • Blacklists are maintained by specialized organizations and are regularly updated to include newly identified spam servers.

Rules-based filtering:

  • Rules-based filtering uses specific criteria to identify unwanted e-mails.
  • Rules can include keywords, regular expressions, specific headers and so on.
  • E-mails matching the filtering criteria are blocked or marked as spam.

The main differences between these techniques lie in their approach and filtering mechanism:

  • Greylisting is based on the behavior of mail servers when delivery is attempted.
  • Blacklist-based filtering relies on pre-established databases of known IP addresses of spam servers.
  • Rule-based filtering uses specific criteria to identify unwanted e-mails.

It should be noted that these techniques can be used in combination to provide more comprehensive protection against spam and junk e-mail, as is the case with Altospam.

Examples

Example of an SMTP transaction ending with a temporary rejection (Greylisting):
z03:~# telnet c03.altospam.com 25
220 c03.altospam.com ESMTP
helo toto.com
250 “HELO OK.”
mail from: toto@toto.com
250 “MAIL FROM OK.”
rcpt to: toto@titi.com
250 “RCPT TO OK.”
data
354 Enter message, ending with “.” on a line by itself
Subject: Test
Test
.
451 [FR] Hello, your message has been temporarily refused. Your message server will resend it automatically. Your recipient should receive your email in a few minutes. [EN] Hello, your message was temporarily refused. Your mail server will resend it automatically. Your recipient should receive your email in a few minutes. >>> //www.altospam.com/
quit
221 c03.altospam.com closing connection

Altospam applications

In ALTOSPAM, greylisting is used as a last resort, only when conventional analysis has failed to determine whether or not the message is spam. This avoids latency in the receipt of emails, and it avoids basing the decision on a single analysis criterion.
