How does Greylisting work?

Greylisting is an anti-spam technique performed by a Mail Transfer Agent (MTA), or simply an email server. It is an effective method against email spamming. As the name indicates, greylisting stands between whitelisting and blacklisting. Suppose you are using Exim as your MTA with greylisting enabled to prevent spam. Your MTA will reject any email from an unrecognized sender, but this rejection is temporary. The server then waits for a predefined time period to see if the rejected email is resent. If the email was legitimate, the sending server will resend it after a delay, and the waiting time of the rejecting server is long enough to receive the resent email. If it is received again within the time period, the server delivers it to the recipient. If the email was spam, the sending server will not try to resend it, so your MTA will wait for the predefined time and will not get the email again.

How does greylisting work

As we’ve seen earlier, a greylisting-enabled server will reject emails from any unknown or suspected senders. The MTA keeps a record of three pieces of data, as follows.

1) The IP address

2) The envelope sender address

3) The envelope recipient address

These three pieces of data are known as the “triplet”. The three terms are described below. To understand them better, you need an idea of how an email is sent. Emails are sent over the Internet using the SMTP protocol. In this protocol, emails are sent in units called envelopes. When an email is sent, the address of the envelope sender is sent first, then the recipient address and, finally, the actual message, which consists of the header and body of the email.

IP address: The IP address of the sending MTA.

The envelope sender address: There are two types of sender address involved in sending an email: the envelope sender address and the From address. The first one is meant here. It is the email address to which the computer will respond in the case of an error or a bounce back. The second one is the address to which a human will respond. In most cases the two are the same, but they can be different.

The envelope recipient address: Like the envelope sender address, there is also an envelope recipient address. The envelope recipient address can’t be spoofed. This address is not displayed to users.

The triplet contains these three pieces of data. It is registered in the internal database of the email server, together with the time at which the email arrived. The email server then rejects the email with a temporary error. These errors are defined in the SMTP protocol as 4XX codes. Most spam is not sent using an RFC-compliant MTA. Such senders will not retry the rejected emails, whereas fully compliant SMTP implementations are expected to resend them after a short delay. The spamming email server will not resend them, and that is how greylisting prevents spam. The waiting time can be as short as a few minutes or as long as a couple of hours. If the sending server resends the email within this expected time, it is identified as a non-spam source and is whitelisted for a longer time. Once a server is whitelisted, the MTA will trust it and will not interrupt future messages for as long as the server stays on the whitelist.
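The decision logic described above can be sketched as follows. This is an added example, not code from Exim or cPanel; the class name, the three timing constants and the reply text are assumptions chosen for illustration, and the minimum retry delay is a common greylisting setting that the text above does not spell out.

```python
from dataclasses import dataclass, field

MIN_DELAY = 5 * 60                  # assumed: retries sooner than 5 minutes stay deferred
RETRY_WINDOW = 2 * 60 * 60          # assumed: the retry must arrive within 2 hours
WHITELIST_TTL = 30 * 24 * 60 * 60   # assumed: a passed triplet is trusted for 30 days
TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    whitelist: dict = field(default_factory=dict)   # triplet -> trust expiry time

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        triplet = (ip, mail_from, rcpt_to)
        if self.whitelist.get(triplet, 0) > now:
            self.whitelist[triplet] = now + WHITELIST_TTL  # refresh trust on use
            return ACCEPT
        self.whitelist.pop(triplet, None)                  # drop expired entry, if any
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[triplet] = now                 # new (or stale) triplet
            return TEMPFAIL
        if now - seen < MIN_DELAY:
            return TEMPFAIL                                # retried too quickly
        del self.first_seen[triplet]                       # compliant retry: trust it
        self.whitelist[triplet] = now + WHITELIST_TTL
        return ACCEPT


def replay(attempts):
    """Run (time, ip, sender, recipient) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t)[:3] for t, ip, s, r in attempts]


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # first contact
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry too soon
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # proper retry
    (1000, "198.51.100.7", "promo@example.com", "bob@example.net"),  # never retries
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # whitelisted
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The sender that never retries only ever sees the temporary 4XX reply, while the retrying sender is accepted on its second valid attempt and passes straight through afterwards.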

Greylisting can be turned off in cPanel, but this might result in receiving more spam or junk emails.

If you need any further assistance please contact me.

Email Spam

Email Spam: the Never-Ending Cat and Mouse Game

Today – as before – there is plenty of spam on social networks and in other types of online marketing, but most of us probably think of email when talking about spam. If you’re like me, battling email spam is a never-ending game of cat and mouse — tweaking spam filter settings, blacklisting and whitelisting domains, deleting emails that reach the inbox, etc.
If your website is built on the WordPress CMS and you are using the popular Contact Form 7 plugin for your contact form, then here are some additional solutions apart from the built-in reCAPTCHA integration.

First off – Should You use all the anti-spam methods recommended here?

In a word, no. I do NOT recommend that you implement ALL of the methods suggested in this article. A WordPress website should be kept as clean and minimal as possible behind the scenes, and you should not install unnecessary plugins.
Instead, I recommend using trial and error to experiment with these solutions – whether you’re a WordPress expert or a novice. If you need help with any of these methods, please contact me. Track how much contact form spam you receive after implementing one or two methods, and make changes until you are happy. Install Akismet as a starting point, and take it from there.

Using Contact Form 7’s in-built anti-spam measures

You’ll find a lot of articles recommending CAPTCHA and quiz plugins that work with Contact Form 7. Most of these are unnecessary as it’s better to use the features already built into the Contact Form 7 WordPress plugin.

1. Quiz

Simple quizzes are becoming a popular way to combat contact form spam. They work by asking the user a simple question such as “Which is bigger, 2 or 8?” Bots can’t answer this question. As a result, only people who enter the correct response can submit the contact form.

To add a quiz, edit your contact form and click the Generate Tag dropdown. Paste the shortcode that appears below into your contact form. It will look something like this:

[quiz capital-quiz "Which is bigger, 2 or 8?|8"]

2. Minimum character count

The WordPress website featured in this article received a lot of spam contact forms with 2-digit messages – usually a number. I have no idea what they were trying to achieve, but it’s obviously a popular type of spam at the moment.

If all your spam messages follow an obvious pattern, you can block them by setting up your contact form to block messages that meet this pattern. In this case, I used the Max and Min Length options in Contact Form 7 to require messages to be more than 20 characters long. Genuine inquiries will usually provide more than 20 characters, so this blocks bots without frustrating real users.

The Message/Comments field will look something like this:

[textarea* your-message minlength:20 maxlength:500]

3. Akismet

Akismet has a reputation as the best WordPress anti-spam plugin. Not everyone knows that it works with Contact Form 7 as well as blog comments.

Once you have activated the Akismet WordPress plugin and followed the on-screen instructions to add your API key (free for non-profit-making websites, small monthly fee for business sites), you need to do a bit of extra config to make it talk to Contact Form 7 – see https://contactform7.com/spam-filtering-with-akismet/.

In my tests, Akismet stopped about 70% of the Contact Form 7 spam but not all of it. It worked well in conjunction with some of the other solutions mentioned in this article.

4. Contact Form 7 Honeypot

Contact Form 7 Honeypot is a WordPress plugin that adds a hidden field to your contact form. Real users won’t complete it because the field is invisible. However, bots won’t know this and will fill it in. This allows the plugin to recognize them as bots and block their submission.

After you have installed and activated the Contact Form 7 Honeypot WordPress plugin, use the Generate Tag option to create a honeypot shortcode to insert into your contact form. It will look something like this (Contact Form 7 recommends changing the ID to something unique, so replace 531 with something else):

[honeypot honeypot-531]

5. Really Simple CAPTCHA

The Really Simple CAPTCHA WordPress plugin was created by the developer of Contact Form 7 so they work together seamlessly. The plugin allows you to add a CAPTCHA to your contact form. It’s designed to prevent bots from submitting forms on your WordPress website.

Once you have installed and activated Really Simple CAPTCHA, insert a CAPTCHA tag into your Contact Form 7 form. (Click the Generate Tag dropdown to see the available options and create a customized tag to paste into your form.) It will look something like this:

[captchac captcha-14]

Further instructions at https://contactform7.com/captcha/.

Please note that CAPTCHAs are becoming slightly old fashioned and are not great for user-experience. They also require particular features to be enabled on your server, which may not be in place for your WordPress website.

I would recommend adding a quiz first (see above), and only trying CAPTCHA if this doesn’t work. The two methods basically do the same thing. They prevent automated bots from submitting your website contact form – so you shouldn’t need both.

What worked for me

All WordPress websites receive spam in slightly different ways. What works for one website may not work for another.

When I had to stop Contact Form 7 spam on a WordPress website, I immediately achieved a huge reduction in spam simply by installing Akismet. The spam messages reduced from dozens per day to 5-10.

I fixed the problem completely by combining Akismet with the Contact Form 7 Honeypot plugin, a quiz and minimum character count.

If you just want to add one method to reduce Contact Form 7 spam, then I recommend Akismet. This is the best standalone solution as it’s so powerful and comprehensive. You can use it whether you’re a WordPress expert or a beginner. It can make a real difference to your WordPress contact form spam.
