Greylisting really works
Posted by David Zaslavsky on — CommentsThere are a lot of programs and protocols out there devoted to stopping, or at least reducing, the flow of spam email around the internet. But one of the most effective is also one of the simplest: greylisting.
In order to understand greylisting, you first need to know that a typical email message on its way through the internet travels through four computers (“nodes”):
- The origin client (often a personal computer running a MUA - mail user agent - like Thunderbird, Outlook, Evolution, etc.)
- The relaying server (this server would be named in the configuration of Thunderbird, Outlook, Evolution, etc. as the SMTP server)
- The destination server (for mail sent to
user@example.com
, this is the email server forexample.com
) - The receiving client (often another personal computer running another MUA)
Greylisting is actually a simple process: the first time node 2 tries to send the email to node 3, node 3 responds with an SMTP 450 error code, which basically means “try again later”. And a standards-compliant mail server will indeed try again later. But a spammer’s server usually won’t. Spammers typically operate their own mail servers which are specially designed to send out as many emails as possible to as many people as possible, and it’s not worth their time to try sending the same mail twice.
It might be hard to believe that this really works — you’d think that spammers would be smarter than that. But I just enabled greylisting on my mail server yesterday and my daily spam count dropped from around 70 to only 1! The great thing about greylisting is that unlike, say, Bayesian filtering (which tries to identify spam based on its content), there’s no risk of flagging a legitimate email as bad. Of course, if greylisting catches on, spammers will probably start to work around it, but we’re still a long way from that landmark…