Click here

Wednesday 25 July 2012

What is Greylisting?


Greylisting is one of the newest weapons in the arsenal of anti-spam techniques. It relies on the fact that most spam and viruses only try to deliver themselves once. Greylisting temporarily denies the first attempt, telling the spammer to try again (450 Please try again later.) On the next attempt the message is accepted. If a mail server passes this test enough times it is added to a whitelist so that it does not have to pass the greylisting test again. No-IP.com jumps the gun a bit and adds common email servers like eBay and Yahoo! Groups to the whitelist since we already know they are legitimate senders.
No-IP.com greylists all mail arriving at mail2.no-ip.com. Under normal circumstances, no properly configured email server should send mail directly to mail2.no-ip.com. So email that mail2.no-ip.com sees is already suspect. But, rather than reject it outright and take the chance of losing legitimate mail, greylisting provides a comfortable in-between that reduces spam and keeps the valid mail flowing!

Examples

Here's an example. alice@sytes.net sends a message to betty@trickjunction.co.cc. Betty is using greylisting. So, on the first attempt to deliver Alice's message Betty's mail server denies the message and makes a note of the attempt in a database. Alice is sending through a normal email server which tries again after about four minutes. When Betty's mail server sees this second attempt it checks the database and finds the previous note. Betty's mail server marks the note as validated and accepts the message. Betty receives the message with only a four minute delay. Read on to see what happens when a spammer tries to send to Betty!
Here's a second example showing how greylisting protects Betty. Alice's computer becomes infected with a virus and finds Betty's address in her Outlook addressbook. The virus reports the address to a big spam gang. Surely Betty's inbox will be overflowing with junk soon! The spammers add Betty to their list and begin the onslaught. The first attempt is made and Betty's mail server temporarily rejects the message just like before. But wait! Spammers aren't normal mail servers! They are not going to waste time and resources to try to send Betty the message twice! So Betty is unaffected by the failed spam attempt and her inbox remains spam-free. At worst, the spammer tries again and the message gets through. But Betty just cost that spammer more in time and resources.

0 comments:

Post a Comment