Greylisting

How does Greylisting work?

Greylisting is an anti-spam technique applied by a Mail Transfer Agent (MTA), or simply an email server, and it is an effective method against email spam. As the name indicates, greylisting stands between whitelisting and blacklisting. Suppose you have adopted Exim as your MTA and are using greylisting in it to prevent spam. Your MTA will now reject any email from an unrecognized sender. This rejection is temporary. The server then waits for a predefined time period to see whether the rejected email is resent. If the email was legitimate, the sending server will resend it after a while, and the waiting time of the rejecting server is long enough to receive the resent email. If it is received again within the time period, the server delivers it to the recipient. If the email was spam, the sending server will not try to resend it, so your MTA will wait for the predefined time and will not get the email again.

How greylisting works

As we've seen earlier, a greylisting-enabled server will reject emails from any unknown or suspected sender. The MTA keeps a record of three pieces of data, as follows.

1) The IP address

2) The envelope sender address

3) The envelope recipient address

These three pieces of data are known as the "triplet". The three terms are described below. To understand them better, you need to have an idea of how email is sent. Emails are sent over the Internet using the SMTP protocol. In this protocol, emails are sent in units called envelopes. When an email is sent, the address of the envelope sender is sent first, then the recipient address, and finally the actual message, which consists of the header and body of the email.

IP address: The IP address of the sending MTA.

The envelope sender address: There are two types of sender address involved in sending an email: the envelope sender address and the From address. The first one is meant here. It is the email address to which the computer will respond in the case of an error or a bounce. The second one is the address to which a human will respond. In most cases the two are the same, but they can differ.

The envelope recipient address: Like the envelope sender address, there is also an envelope recipient address. The envelope recipient address can't be spoofed. This address is not displayed to users.

The triplet contains these three pieces of data. It is registered in the internal database of the email server, together with the time at which the email arrived. The email server then rejects the email with a temporary error. These errors are defined in the SMTP protocol as 4XX codes. Most spam is not sent through an RFC-compliant MTA. Such senders will not try to resend these emails, whereas fully compliant SMTP implementations are expected to resend them after a short delay. The spamming email server will not send them again, and that is how greylisting prevents spam. The waiting time can be as short as a few minutes or as long as a couple of hours. If the sending server resends the email within this expected time, the server is identified as a non-spam source and is whitelisted for a longer time. Once a server is whitelisted, the MTA trusts it and will not interrupt future messages as long as the server remains whitelisted.
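The decision logic described above, as an added example (not code from Exim, cPanel or any other MTA). The class and function names, the three timing values and the SMTP reply texts are assumptions chosen for illustration, and the sample attempts are constructed.

```python
import time

TEMPFAIL = (451, "4.7.1 Greylisted, please try again later")  # a 4XX temporary error
ACCEPT = (250, "2.0.0 OK")

class Greylist:
    """In-memory greylisting decision keyed on the triplet."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, whitelist_ttl=30 * 86400):
        # Assumed timings, in seconds; real MTAs make them configurable.
        self.min_delay = min_delay          # retries sooner than this stay deferred
        self.retry_window = retry_window    # how long the server waits for a retry
        self.whitelist_ttl = whitelist_ttl  # how long a proven server is trusted
        self.first_seen = {}                # triplet -> time of first attempt
        self.whitelist = {}                 # sending IP -> expiry time

    def check(self, ip, env_from, env_rcpt, now=None):
        now = time.time() if now is None else now
        # A server that already proved it retries is accepted without delay.
        if self.whitelist.get(ip, 0) > now:
            return ACCEPT
        # Lowercasing the addresses is a simplification made for this example.
        triplet = (ip, env_from.lower(), env_rcpt.lower())
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > self.retry_window:
            # Unknown triplet, or the retry came too late: (re)start the clock.
            self.first_seen[triplet] = now
            return TEMPFAIL
        if now - seen < self.min_delay:
            # Immediate re-send: keep deferring, keep the original timestamp.
            return TEMPFAIL
        # Retry arrived inside the window: whitelist the sending server.
        del self.first_seen[triplet]
        self.whitelist[ip] = now + self.whitelist_ttl
        return ACCEPT

def demo():
    """Constructed attempts: (seconds, sending IP, envelope sender, envelope recipient)."""
    gl = Greylist()
    attempts = [
        (0,   "192.0.2.10",   "alice@example.org", "bob@example.net"),   # first try
        (30,  "192.0.2.10",   "alice@example.org", "bob@example.net"),   # retried too soon
        (900, "192.0.2.10",   "alice@example.org", "bob@example.net"),   # proper retry
        (905, "192.0.2.10",   "carol@example.org", "dave@example.net"),  # whitelisted server
        (0,   "198.51.100.7", "x@example.com",     "bob@example.net"),   # never retries
    ]
    return [gl.check(ip, f, r, now=t)[0] for t, ip, f, r in attempts]

if __name__ == "__main__": print(demo())
```

The last constructed sender never comes back, so its message is never delivered; the first sender is delayed once and then accepted for as long as its whitelist entry lasts.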

Greylisting can be turned off in cPanel, but doing so might result in receiving more spam or junk email.

If you need any further assistance, please contact me.