Email Greylisting. How does greylisting work?
By Jithin on November 29th, 2016
Spamming is a major concern for all Internet users. Greylisting and tarpitting are two methods to discourage or stop email spamming. We are going to see these methods in detail in this article.
What is Spam
A spam email is the one you’ve received in your inbox when it has not specifically been asked for. It can be commercial advertising messages too. These emails are also known as junk emails or unsolicited bulk emails (UBC). These messages are sent in bulk. They will be nearly identical based on the contents. Some spam emails can cause harm to you. They may provide hyperlinks which will lead to phishing websites or locations where there is malware.
There are various spamming prevention methods. As a receiver, you can mark any emails as spam and you can also block the sender and unsubscribe from the sender. You can maintain a list of blocked senders for your email accounts. As we’ve seen all these methods are need to be done by the end user. There are also some server side precautions against the spamming. Greylisting and tarpitting are measures that you can take against spamming. These are two effective methods against the spamming especially when used in combination. Please be aware that there is no technique which is perfect in spam prevention. Any anti-spamming method can return a false positive.
Greylisting is an anti-spamming technique. This is done by a Mail Transfer Agent (MTA) or simply an email server. It is an effective method against email spamming. As the name indicates, greylisting stands between whitelisting and blacklisting. Suppose you are adopting the exim as your MTA and you are using greylisting in it to prevent the spamming. Now, your MTA will reject any email from an unrecognized sender. This rejection will be temporary. The server will then wait for a predefined time period to see if the rejected email is resent. Suppose the email was a legitimate email, then the email will be resent by the sending server after a time period. This waiting time of the rejecting server will be enough to receive the resent email. If it is received again within the time period, then the server will deliver it to the recipient. Then the sending email will not try to resend it, so that your MTA will wait for the predefined time and will not get the email again.
How does the greylisting work
As we’ve seen earlier, greylisting enabled server will reject the emails from any unknown or suspected email senders. The MTA will keep a record of three pieces of data as follows.
1) The IP address
2) The envelope sender address
3) The envelope recipient address
These three pieces of data is known as the “triplet”. The three technical terms are described below. To understand this better you need to have an idea on how the email is being sent. The emails are sent using the SMTP protocol on Internet. In this protocol, the emails are sent in units called envelopes. When an email is sent, first the address of the envelope sender is sent, then the recipient address and finally, the actual message. It will consist of the header and body of the email message.
IP address: The IP address of the sending MTA.
The envelope sender address: There are two type of addresses in respect to sending an email. They are the Envelope sender and the from addresses. The first one is mentioned here. It is the email address where the computer will respond to the email in the case of an error or a bounce back. The second one will be the address to which the human will respond. In most cases, the two will be same, but there can be a chance where the two are different.
The envelope recipient address: Like the envelope sender address, there is also envelope recipient address. The envelope receiver address can’t be spoofed. It is unable to display this address for users.
The triplet contains these three data parts. The triplet is registered in the internal database of the email server. The time when the email reached will also be stored there. Now what the email server does is it rejects the email with a temporary error. These errors are defined in the SMTP protocol as 4XX codes. Most of the spams will be sent not using the RFC compliant MTA. They will not try to send back these emails where the fully qualified SMTP implementations are expected to send these emails after a short delay. The spamming email server will not send them back and that’s how spamming is prevented with the greylisting. The waiting time can be as short as some minutes or a couple of hours. If the sending server is allowed to send the email within this expected time, the server is identified as non-spam source and it will be whitelisted for a longer time. Once a server is whitelisted, the MTA will trust and will not interrupt future messages as long as the server is white-listed on it.
If you need any further assistance please contact our support department.