The Difference Between Greylisting and Blacklisting

Sep 16, 2022
6
Email providers have long been working tirelessly behind the scenes to prevent spam emails from ending in email inboxes
. So far, they’ve not been able to prevent spam completely but have done quite a decent job of getting together a list of useful techniques for managing spam and reducing it as much as possible. However, there’s a problem: anti-spam techniques are not always completely effective, and as a result of using them, legitimate emails sometimes mistakenly end up in the spam or junk folders. Email providers devised a new technique to deal with this problem: greylisting.

Spam Emails Explained

Spam refers to emails that land in your inbox even though you haven’t agreed to receive or requested them. This could include advertising and marketing messages for which the recipient hasn’t signed. They’re usually sent in bulk, also known as junk mail or unsolicited bulk emails. The majority of spam emails are sent for advertising purposes. However, some may be harmful, potentially containing links to locations for phishing websites or malware.

How Spam is Prevented

Email providers use a range of different options when it comes to spam prevention. If you have an email account, there are also options that you can control as the recipient, including marking certain emails or senders as spam, unsubscribing from senders who you receive a lot of spammy emails from, and blocking senders. Servers also take various actions against spammy senders, including the sender score, which is like a credit score for email senders. When a sender score gets too low due to spammy messages or too many recipients marking the sender’s emails as spam, they may struggle to reach inboxes. This is known as blacklisting. On the other hand, greylisting is another measure that allows more time for email servers to check emails for spam before they land in an inbox.

What is Email Greylisting?

Greylisting refers to a process used to check if an email sender is legitimate. With greylisting, an email that is sent won’t end up in the recipient’s email inbox immediately. Instead, it is temporarily blocked while the receiving server requests that the sender attempts to send the message again. Unlike blacklisting, where emails are entirely blocked from being sent, a second attempt will be made with greylisting. Since spam servers are unlikely to try and deliver the message for a second time, spammy messages will not be resent or received by the recipient, while legitimate ones will.

Greylisting vs Blacklisting

There are a lot of main differences between email greylisting and blacklisting. In the case of blacklisting, a sender is blocked from sending emails, and the messages they send will never end up being delivered to the recipient’s inboxes, no matter how many attempts are made to send them. On the other hand, greylisting is a temporary block that should end with the email being eventually sent. The process produces temporary error codes that should prompt remote servers to reattempt delivery. Spammy remote servers will not usually make a second attempt to deliver the email, as they are typically set up to deliver large numbers of bulk emails and skip message queuing. As a result, spam messages are more likely to be blocked this way.

What Causes a Greylisted Email Address?

When a mail server gets an incoming connection from a sender’s server, a temporary error code is issued, temporarily rejecting the email message and requesting that the remote server try to resend it within a certain period. The temporary error code will also cache the IP addresses of the server, recipient, and sender. Then, the sending server will receive a 451 error, which prompts the server to attempt to resend the message within the timeframe given. When the sender attempts to deliver the message again, the information will be checked against that in the cache, and if it matches, permission will be granted for the recipient to accept the message. There may also be other spam filtering techniques applied at this point by the receiving mail server. Senders will usually need to re-attempt delivery within the next twenty-four hours, as the information will typically be deleted after that. Otherwise, senders who don’t send emails very often will be put through the entire greylisting process each time. Every mail server’s retry scheme will differ; the default period for re-trying delivery is fifteen minutes, while others may be longer. It’s usually somewhere in between one minute and half an hour.

Why Are Emails Greylisted?

There are a couple of main reasons why emails get greylisted: sender reputation and IP misconfiguration. In the case of IP misconfiguration, the sender’s IP address will not have correctly set up a domain name that is fully qualified and reverse DNS entry resolving to it. In this case, the ISP detects the misinformation and will respond by blocking the messages – usually temporarily, although sometimes it may be permanent. Senders with a poor history or low sender score may have greylisting or rate limiting increased if many email messages are seen coming from their IP, as there is a higher risk that these may be spam.

Problems With Greylisting

While greylisting is a technique that can successfully prevent a large number of spammy and junk messages, it can cause problems with sending emails to recipients. Some of the main cons of greylisting include:

Message Delays

Greylisting might be good at preventing spam, but it does have one downfall in that it also loses email’s instant nature. This happens due to the fact that an incoming email from unknown or new IP addresses will be rejected temporarily instead of being sent straight through to the inbox. Ultimately, this tends to result in a delay on most emails that are being sent by a new sender, regardless of whether or not they are actually spam. How long the delay can be expected to last will vary depending on when the sender retries the delivery.

Delivery Failure

While it is rare, greylisting can also cause delivery failure in some cases. This may occur more often in the case of an older SMTP server that mistakenly treats a temporary delivery failure as a permanent delivery failure. In this instance, the recipient will never receive the message. Retry attempts that occur after greylisting thresholds have been set may also result in non-delivery.

Delivery From Multiple IPs

Large businesses will sometimes use several different mail servers to handle outbound emails. Sometimes, this could lead to the retry attempt being sent from a different IP address. However, in this case, the second attempt will be considered the first attempt and also put on hold, further increasing the email delay.

Greylisting Email Check: How to Handle Greylisting

If you are sending emails and they are being greylisted, then the good news is that this is not the same as blacklisting, and there are some things you can do to ensure that your messages are delivered to recipients successfully. Firstly, you can ensure that your configuration is correct and that your IP addresses are correctly set up. If heavy greylisting occurs, you may find it helpful to go through defer logs at the account level to find and get information from the error messages sent from the server. These may include a link you can visit to get more information that will explain the sending policies of the ISP in more detail, along with providing suggestions that you can follow to prevent further greylisting. There will typically be a request form that you can fill out to get further guidance if you continue being greylisted even after following these suggestions.

When Legitimate, Non-Spammy Emails Are Greylisted

While greylisting can be quite beneficial when it comes to preventing spam with advantages for both senders and recipients, it can sometimes lead to problems, including emails that are not spammy being mistakenly blocked by the filter. For example, emails containing instructions on resetting a username or password or emails confirming a customer order might be greylisted, causing a delay. Sometimes, a false positive for spam can lead to no option to release the email and retry delivery.  Reviewing the logs is the most effective way to determine why messages have not made it through the filter. This will help you understand the main cause behind the issue and determine which corrective actions you will need to take. Suppose you are not receiving important information because of greylisting as a recipient. In that case, there may be options available to you, such as manually disabling the greylist feature or enabling exclusions for certain senders.

Greylisting is another of the latest techniques for preventing spam. Unlike blacklisting, which results in a complete sender block, greylisting temporarily blocks email messages and gives the server a chance to re-send.

Line and dots
Line and dots