Greylisting is a new method of blocking spam at the mailserver
level, but without resorting to heavyweight statistical analysis or
other heuristic approaches. Consequently, implementations are fairly
lightweight, and may even decrease network traffic and processor load on
your mailserver.

Greylisting relies on the fact that most spam
sources do not behave in the same way as 'normal' mail systems. Although
it is currently very effective by itself, it will perform best when it
is used in conjunction with other forms of spam prevention.

The term Greylisting is meant to describe a general method of blocking spam
based on the behavior of the sending server, rather than the content of
the messages. Greylisting does not refer to any particular
implementation of these methods. Consequently, there is no single
Greylisting product. Instead, there are many products that incorporate
some or all of the methods described here.

Greylisting got its name because it is kind of a cross between black- and
white-listing,
with mostly automatic maintenance. A key element of the Greylisting
method is this automatic maintenance.

The Greylisting method is
very simple. It only looks at three pieces of information (which we will
refer to as a 'triplet' from now on) about any particular mail delivery
attempt:
- The IP address of the host attempting the delivery.
- The envelope sender address.
- The envelope recipient address.

From this, we now have a unique triplet for identifying a mail
'relationship'. With this data, we simply follow a basic rule, which is:

If we have never seen this triplet before, then refuse this delivery and
any others that may come within a certain period of time with a
temporary failure.

Since SMTP is considered an unreliable
transport, the possibility of temporary failures is built into the core
spec (see RFC 821). As such, any well-behaved message transfer agent
(MTA) should attempt retries if given an appropriate temporary failure
code for a delivery attempt.
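
The basic rule above, written out as an added example (it is not code from
any particular Greylisting product). The 300-second block period, the reply
texts, the lower-casing of addresses and the names Greylist, replay and
SAMPLE are assumptions made for illustration.

```python
import time

BLOCK_DELAY = 300  # seconds; assumed, the text only says "a certain period"
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"


class Greylist:
    """In-memory triplet store (a real filter would persist it)."""

    def __init__(self, delay=BLOCK_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}  # triplet -> time of first attempt

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply for one delivery attempt."""
        # Lower-casing is an assumption so one relationship maps to one key.
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        # Never seen before, or still inside the block period: temp failure.
        if now - first < self.delay:
            return TEMPFAIL
        return ACCEPT


def replay(attempts, delay=BLOCK_DELAY):
    """Feed (time, ip, sender, recipient) tuples through a fresh Greylist
    and return the three-digit reply code for each attempt."""
    now = [0]
    gl = Greylist(delay, clock=lambda: now[0])
    codes = []
    for ts, ip, sender, rcpt in attempts:
        now[0] = ts
        codes.append(gl.check(ip, sender, rcpt)[:3])
    return codes


# Constructed sample traffic (documentation IP ranges, made-up addresses).
SAMPLE = [
    (0, "192.0.2.10", "alice@example.org", "bob@example.net"),     # first try
    (30, "198.51.100.7", "x@example.com", "bob@example.net"),      # never retries
    (60, "192.0.2.10", "alice@example.org", "bob@example.net"),    # too early
    (900, "192.0.2.10", "Alice@Example.org", "bob@example.net"),   # proper retry
    (950, "203.0.113.5", "alice@example.org", "bob@example.net"),  # new source IP
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Only the sender that retries after the block period gets its message
accepted; the same envelope addresses arriving from a different IP form a
new triplet and start over.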
