Greylisting

So what is greylisting?

When an email server attempts to send email to your account we send back a specific error code, indicating that we are temporarily unable to accept the mail. This doesn’t mean your email is lost though.

Normal email servers know to retry again, almost immediately. On the second mailing attempt our system knows that this is probably genuine and accepts the email. We also record the IP address of the email server and ‘whitelist’ it. This means we then accept all future email with no further checks.

Most spam is sent through compromised PCs or mailing systems setup to send as much spam as possible, so they will not correctly handle the temporary error code. The server is simply trying to send as much spam out as possible and as a result doesn’t try to resend the spam email to you after receiving the temporary error code.

A slight delay is introduced with this system, but not much! When we reject the initial email connection it is then down to the sending mail server to retry sending the email. The actual period of delay between the first and second attempt is down to the sending server. As an example 34SP.com servers retry after 20 minutes. Other email servers may be faster or slower than this, but all genuine mail servers will retry.

This delay only happens once for each of your regular contacts. If the same email server sends mail to you again they will not be challenged. All successful mail server connections are logged (with the IP address of the mail server stored) and held for a 36 day period. This is a rolling 36 day period from the time of the last mailing, so if you have someone that regularly mails you it is unlikely that their email server will be challenged more than once.

For greater peace of mind our system is also capable of running whitelists on an IP address. If someone mailing you is having difficulties, we can easily whitelist their IP address. Their email will then no longer be challenged and will be automatically accepted.

It should be stressed that all genuine email comes from servers that are correctly configured and can handle this system.

The full details regarding the greylisting method can be found in the whitepaper by Evan Harris.