What is Greylisting and How Does it Work?

What is spam?

A spam email is any email in your inbox that hasn’t been specifically asked for, including commercial advertising messages. They are also known as unsolicited bulk emails or junk emails. They are typically sent in bulk and will be almost identical in terms of content.

Many spam emails are simply advertisements or content that the recipient does not want to receive, however, others can be harmful. For example, they may contain links to locations where there is malware or a phishing website.

There are some basic rules for staying out of the spam folder.

How is spam prevented?

There are several different options available for preventing spam. If you receive emails, you can mark certain emails as spam, unsubscribe from spammy senders, or block senders. You can also maintain a list of blocked senders for your account and email address.

However, these methods are done by the end-user, and servers will also take additional actions against spam messages. Greylisting is one such measure that email servers use to prevent spam; often used together with other spam prevention techniques such as tarpitting.

What is greylisting?

Greylisting is a technique that is used to test whether or not a sender is legitimate. When an email is sent, it does not reach the recipient’s inbox immediately.

Instead, the email is blocked temporarily while the receiving server sends a request to try and send the email again within a certain time frame.
 

Source

A legitimate sender will send the message again, at which point the email will reach the recipient’s inbox. However, spam servers don’t usually bother to send the message again, so spam messages do not get resent, and never end up in the recipient’s inbox.

How emails get greylisted

When an incoming connection from a remote mail server is received by a mail server, it will be rejected with a temporary error code, which caches both the sending server’s IP address and the addresses of the sender and recipient.

The sending mail server should get the 451 error and view it as a temporary error code, prompting them to resend the message within the time frame specified as it is merely a technical error.

When a remote mail server attempts to resend the email, the information (such as the sender address) will be matched with that in the greylisting cache, which will then give permission to accept the message. The receiving mail server may also apply a more detailed filtering process.

The message information will only stay in the cache for twenty-four hours, so senders who do not send emails frequently will go through the process of greylisting each time. Each mail server will have a different retry scheme which will be applied to future emails in the case of temporary error codes.

The waiting period is usually between one and thirty minutes; fifteen minutes is the default for checking an unknown sender.

What causes greylisted emails?

There are two reasons why your emails may be getting greylisted. These include IP misconfiguration and sender reputation.

IP misconfiguration occurs when the sending IP address has not set up its fully qualified domain name and reverse DNS entry resolving to the same fully qualified domain name correctly.

In this situation, the ISP will detect the misconfiguration and the legitimate mail will either be greylisted or completely blocked.

On the other hand, a sender that does not have a good sending history may have rate limiting applied and greylisting increased when a large number of messages are detected as coming from the IP, as they are not sure if the sender is legitimate.

Constantly greylisted emails could seriously harm your sender reputation and prevent legitimate email servers from treating your emails as safe to receive and open.

Greylist vs blacklist

There are some obvious differences between greylisting and email domain blacklisting. When a sender is blacklisted, their emails will never reach the recipient’s inboxes no matter how many times they try to send the message. This means that the message is not passing spam filters for various reasons and as a result, your domain reputation is hurt.

On the other hand, greylisting is a process that issues temporary error codes that should be respected by compliant remote mail servers with a delivery re-attempt of the initial email.

This is usually not the case with spammy remote mail servers that tend to be set up to deliver large numbers of messages and skip message queuing in the case of temporary error codes.

Disadvantages of Greylisting Email Bounce Technologies

While using greylisting can eliminate a significant number of junk and spam messages, there are some disadvantages that you should be aware of before you enable the greylisting feature.

These include:

Greylisted email check messages delivery delays

When greylisting is used, you will lose the instant nature of email because of greylisting delays. This is because incoming messages from a new IP address are temporarily rejected, which ultimately leads to most emails from new senders being delayed, giving the greylisting server sufficient time to check the emails.

The actual length of the initial delay will depend on the sender’s server retry interval and could range from a few minutes to hours.

Delivery from multiple IPs due to greylisting spam

Some large businesses will use several mail servers to handle their outbound emails. In these cases, the retry attempt may be sent from a different IP address. Since the second attempt is considered to be from a different IP address, this will also be put on hold, which increases the delay further.

No delivery

In some rare cases, the message may never be delivered because of email greylisting.

This will typically occur when the SMTP server is old, treating a temporary failure as permanent instead. In this case, the message will never be received. Failure to deliver the message may also occur if retry attempts are made after greylisting thresholds are set.

Not being able to send messages at all will lead to a bad sender reputation and skyrocket your bounce rate, your conversion rate will plummet and overall, your email marketing efforts will be fruitless.

Greylisting check: what to do if your emails are being greylisted

It’s important to first check your configuration and ensure that your IP addresses are set up correctly. In the case of heavy greylisting, you may want to scan through account-level defer logs, which will allow you to read error messages that are being sent back from the server.

Most of these will also include a URL that will explain the ISP’s sending policies. You can then follow these suggestions to avoid being greylisted in the future. If you continue to have issues sending after following these suggestions, you will usually be able to fill out a form to get additional assistance.

What is anti-greylisting?

To adjust to the new technique of greylisting, some mail servers have adopted anti-greylisting technology. This involves trying to resend the email after a longer period of time after it has been rejected for the first time, in an attempt to minimize the number of rejections.

Usually, they will wait around thirty minutes before trying to resend the email. Anti-greylisting may delay emails further since the server exercising the greylisting technique may be ready to receive the resent email much sooner.

However, it is an effective method that reduces the overall number of tries that need to be made to get the email delivered.

Greylist website vs SPF

Both greylisting and SPF are different techniques used to fight and prevent spam. They can either be used on their own or together. Some email domains, for example, will use several mail servers to send mail.

Each mail server may be used for each next attempt to resend the email, which leads to the greylisting process becoming very time-consuming as each attempt from a different server is going to be separately greylisted.

To solve this problem, the Sender Policy Framework (SPF) can be used as an anti-spam method for sender domains that have made their SPF data available.

What to do if legitimate emails are being greylisted?

While greylisting has a lot of benefits for both email senders and receivers, it can sometimes lead to issues, such as legitimate emails being blocked by the greylist filter, such as confirmation emails or emails to reset a password. The email application can treat these as suspicious emails, getting you in massive trouble.

In some cases, greylist filters may lead to false positives, and these emails are not quarantined as they are being identified at the SMTP level, with no option to release them. As a result, e-mail users on your list won’t be receiving your messages.

The best way to find out why a message has been blocked by the greylist filter is to review the logs, which can help you get to the root cause of the issue and correct the behaviour.

If you are an email user and are not getting important messages due to greylisting, you can either enable exclusions for the greylist filter or completely disable it using most email provider accounts.

Wrapping up

Greylisting is one of the newest spam prevention techniques out there that involves temporarily rejecting a message to see if it will be resent.

Most spam servers will not attempt to resend the email after it has been blocked, making this one of the most effective ways to prevent spam from ever reaching inboxes or even spam boxes, and only allowing legitimate email messages to pass through.

And if you’re looking for more ways to refine your delivery process and get your emails opened and clicked, try Bouncer! With Bouncer, you can verify your email lists and ensure you’re sending only to legitimate, existing email.

Sign up today and verify your first 100 emails for free!