SmarterMail 15.x Help

Greylisting

What is Greylisting and how does it work?

Greylisting has proven itself to be an effective method of spam prevention. When enabled, the system will keep track of the sending IP address, sending email address and recipient's email address for every message received. If an incoming message has a combination of a sending IP, sending address and recipient address that has not previously been seen, the system will return a temporary failure to the sending server, effectively saying, “Try again later.” Valid servers will retry the email a short time later, and that retry will be permitted. Spammers, on the other hand, typically create scripts that bombard your server with emails, and they rarely retry on temporary failures. When these messages are temporarily rejected because of greylisting, they are typically not retried, which reduces the amount of spam that your customers receive. (Emails sent from whitelisted and authenticated senders will automatically bypass greylisting and are delivered directly to the spool.)

For those messages that are sent from valid email servers, the sending server should retry at least four times. If the first retry is beyond the block period (default 15 minutes) and within the pass period (default 6 hours), the message is passed to the spool and it goes through its normal processing without a delay. A record is also created noting that this is a valid email address from that server to the given recipient, and the record is kept for 36 days (default). If another email from the same email address is received from the same server to the same recipient within the 36 days, the clock is reset for an additional 36 days and the message is delivered directly to the spool.
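
The decision logic described above, as an added Python example (not SmarterMail's own code) using the default periods from this page. The class and function names are hypothetical, and two behaviours are assumptions because the page does not state them: an early retry does not restart the block period, and a retry that arrives after the pass period is treated as a first attempt.

```python
from datetime import datetime, timedelta

BLOCK_PERIOD = timedelta(minutes=15)      # page default
PASS_PERIOD = timedelta(minutes=360)      # page default (6 hours)
RECORD_EXPIRATION = timedelta(days=36)    # page default
TEMPFAIL, ACCEPT = "tempfail", "accept"


class Greylist:
    """In-memory greylist keyed on (sending IP, sender, recipient); exemptions are not modelled."""

    def __init__(self):
        self.pending = {}   # triplet -> time of the first delivery attempt
        self.passed = {}    # triplet -> time at which the pass record expires

    def check(self, ip, sender, recipient, now):
        key = (ip, sender.lower(), recipient.lower())
        expiry = self.passed.get(key)
        if expiry is not None:
            if now <= expiry:
                # Known-good triplet: deliver and reset the expiration clock.
                self.passed[key] = now + RECORD_EXPIRATION
                return ACCEPT
            del self.passed[key]          # record expired, treat as unseen
        first_seen = self.pending.get(key)
        if first_seen is None:
            self.pending[key] = now       # first sighting: "try again later"
            return TEMPFAIL
        age = now - first_seen
        if age <= BLOCK_PERIOD:
            return TEMPFAIL               # retried too soon (clock not restarted: assumption)
        if age <= PASS_PERIOD:
            del self.pending[key]
            self.passed[key] = now + RECORD_EXPIRATION
            return ACCEPT
        # Retry after the pass period: start over as a new triplet (assumption).
        self.pending[key] = now
        return TEMPFAIL


if __name__ == "__main__":
    # Constructed sample: one sender retrying at 0, 5, 20 and 25 minutes.
    g = Greylist()
    t0 = datetime(2024, 1, 1, 12, 0)
    triplet = ("192.0.2.10", "sender@example.org", "user@example.com")
    for minutes in (0, 5, 20, 25):
        print(minutes, g.check(*triplet, t0 + timedelta(minutes=minutes)))
```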

Why use Greylisting?

Greylisting is a very effective method of spam blocking that comes at a minimal price in terms of performance. Most of the actual processing that needs to be done for Greylisting takes place on the sender's server. It has been shown to block upwards of 95% of incoming spam simply because so many spammers don't use a standard mail server. As such, spam servers generally only attempt a single delivery of a spam message and don't reply to the "try again later" request.

How do I set up Greylisting?

Note: You must be a system administrator to change greylisting settings.

In order to set up Greylisting, click the security icon and click Greylisting in the navigation pane. The greylisting settings will load in the content pane and the following tabs will be available:

Options

Use this tab to specify the following settings:

  • Block Period - The period of time (in minutes) that mail will not be accepted (default 15 minutes).
  • Pass Period - The period of time (in minutes) in which the sender's mail server has to retry sending the message (default 360 minutes).
  • Record Expiration - The period of time (in days) that the sender will remain immune from greylisting once it has passed (default 36 days).
  • Apply To - Select who greylisting applies to.
  • Enable greylisting - Select this option to enable greylisting.
  • Enable users to override greylisting - Select this option to allow users to selectively turn off greylisting (useful if you have an account that receives time sensitive mail).
  • Greylist if the country for the IP address is unknown - Select this option to greylist messages when the country cannot be identified for the IP address.

System administrators should note that the following cases are exempt from greylisting:

  • Whitelisted IPs for SMTP or Greylisting
  • Anyone who authenticates (includes SMTP Auth Bypass list)
  • Trusted senders
  • Anyone who has already sent you an email. Note: This list generates only after greylisting has been enabled.
  • Any IP in the greylistBypass.xml file

Filters

If you set the greylisting "Apply To" setting to "Everyone except specified countries / IP addresses", you can add filters based on the countries or IP addresses you want to exclude from being greylisted.

Disadvantages of Greylisting

The biggest disadvantage of Greylisting is the delay of legitimate e-mail from servers not yet verified. This is especially apparent when a server attempts to verify a new user's identity by sending them a confirmation email.

Some e-mail servers will not attempt to re-deliver email, or their re-delivery window is too short. Whitelisting can help resolve this.