What is greylisting?
Greylisting is a method of combating spam in emails. It involves initially rejecting a suspicious email. The email is only accepted if another delivery attempt is made.
The idea behind this is that reputable senders or mail servers automatically attempt to resend temporarily rejected emails in accordance with the SMTP standard. Spammers, on the other hand, usually do not do this – unless they send their spam via well-known freemail providers.
When another delivery attempt is made, the receiving server recognizes that it is a previously rejected email and accepts it, provided that the email has not been identified as spam or malware. Future messages from the same sender will then come through without delay.
How does greylisting work?
The receiving mail server checks three pieces of data:
If this combination is unknown, the email is rejected with a temporary error. A correctly configured server will try to deliver it again later, and the email will then be accepted. If it occurs again after a certain period of time, it will be accepted and stored in a database.
Why greylisting?
The use of greylisting has several advantages:
The R in SMTP is for real-time
As effective as greylisting is, there are unfortunately some drawbacks. In some cases, there can be noticeable delays in the delivery of legitimate emails. This can cause problems with emails such as password resets, activation links, or appointment confirmations.
Another risk is posed by incorrectly configured mail servers that do not attempt a second delivery after a temporary rejection. Such emails are simply lost. Large providers with changing IP addresses can also cause difficulties, as the recipient server treats them as “unknown” each time.
In addition, spammers adapt: modern spam systems repeat their delivery attempts to circumvent greylisting. This reduces the effectiveness of this technique over time.
What is intelligent greylisting?
To circumvent the aforementioned disadvantages of greylisting, many companies today rely on a combination of greylisting and other security mechanisms such as allowlists, reputation checks, or filters.
Allowlists contain known, trusted senders or partner domains that are allowed to deliver their emails without delay. This means that important business partners and cloud services are spared any delays.
Exceptions—which are set based on rules, for example—are helpful when it comes to time-sensitive messages such as activation links or password resets.
In addition, greylisting should only be used on the basis of a well-thought-out security concept based on accurate reputation checks using SPF, DKIM, and DMARC.
Greylisting in NoSpamProxy
Intelligent greylisting is also used in NoSpamProxy, as the corresponding rule works in conjunction with the Level of Trust and the Spam Confidence Level.
By default, greylisting is only applied to emails that do not have a Level of Trust bonus. These include all emails from unknown senders that have already been “counted” by NoSpamProxy with 2 SCL points.
Greylisting in NoSpamProxy Cloud message tracks
Configuring greylisting in NoSpamProxy Server
The SCL threshold and the time period after which emails are unblocked can be easily adjusted:
This ensures that desired emails are not slowed down by greylisting and reach the mailbox late.
The blocking period gives the filters and actions in NoSpamProxy time to refine their assessments (see above). During subsequent delivery attempts, the current threat patterns are available and a potential spam email may receive 4 SCL points and be rejected by NoSpamProxy.
Not yet using NoSpamProxy?
NoSpamProxy reliably protects your company from dangerous spam emails and offers many other security features. Request your free trial now!
