GRAYLISTING

What is Graylisting?

Graylisting is like a temporary hold for suspicious emails. When an email addressed to your mailbox arrives, the UpStream filter does not deliver it to your inbox immediately. Instead, it puts the message on hold and asks the sending server to try again later by saying it is busy right now.

Legitimate email servers will try again and eventually get through, usually within 3-5 minutes, but spammers and some malicious senders usually won't bother trying again.

How does Graylisting work?

Graylisting is an anti-spam technique used in email delivery. When an email server receives an incoming email, it temporarily "rejects" the message with a specific error code, indicating that the server is busy or unavailable. The sending server is then expected to reattempt delivery after a certain period of time, typically within a few minutes.

The Graylisting process involves three main components: the email server receiving the message (referred to as the recipient server), the sending email server (referred to as the sender server), and the email client (where the recipient accesses their email).

  1. When the recipient server receives an email, it checks if the sender server's IP address and other identifying information are listed in a "Graylist" database. If not, it adds the sender's details to the database and temporarily rejects the email.

  2. The sending server receives the rejection message from the recipient server and typically logs it. This message indicates that the recipient server is temporarily unavailable or busy.

  3. After a predetermined period, known as the "Graylist expiry time," the recipient server allows the sending server to retry delivering the email. A legitimate sender's server will reattempt the delivery, complying with the temporary rejection and meeting the specified timeout requirements.

  4. Upon receiving the retried email, the recipient server checks the Graylist database and verifies that the sender's details are present and that the retry occurred within the allowed time frame. If the conditions are met, the email is considered legitimate and is accepted for delivery to the recipient's inbox.

The Graylisting technique takes advantage of the fact that many spammers and automated spam-sending software do not handle temporary delivery failures correctly. They often do not retry sending the email, assuming the temporary rejection indicates an invalid email address or a misconfigured server.
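The four steps above as a small decision engine, added here as an illustration and not UpStream's own code. It assumes the "other identifying information" is the envelope sender and recipient, a 451 temporary reply, and hypothetical `min_delay` and `retry_window` values; the exemption fields and the sample traffic are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
DEFER = "451 4.7.1 Greylisted, please try again later"  # SMTP transient (4xx) reply
ACCEPT = "250 OK"

@dataclass
class Graylist:
    min_delay: int = 180           # assumed: seconds a sender must wait before a retry counts
    retry_window: int = 4 * 3600   # assumed: a retry later than this starts over
    exempt_networks: tuple = ()    # exemptions by IP address, e.g. ("192.0.2.0/24",)
    exempt_recipients: tuple = ()  # exemptions by recipient email (lower case)
    first_seen: dict = field(default_factory=dict)  # the "Graylist database"
    passed: set = field(default_factory=set)        # triplets that already retried correctly

    def _exempt(self, client_ip, rcpt_to):
        ip = ipaddress.ip_address(client_ip)
        return (any(ip in ipaddress.ip_network(n) for n in self.exempt_networks)
                or rcpt_to.lower() in self.exempt_recipients)

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if self._exempt(client_ip, rcpt_to) or key in self.passed:
            return ACCEPT
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.retry_window:
            self.first_seen[key] = now  # step 1: unknown or expired -> record and defer
            return DEFER
        if now - seen < self.min_delay:
            return DEFER                # retried too soon; original timestamp is kept
        self.passed.add(key)            # step 4: retry inside the window -> accept
        return ACCEPT

def replay(gl, attempts):
    """Feed (ip, mail_from, rcpt_to, time) attempts through `gl`; return the replies."""
    return [gl.check(*a) for a in attempts]

# Constructed sample traffic (documentation IP ranges and example.* domains).
SAMPLE = [
    ("198.51.100.7", "news@example.org", "amy@example.com", 0),    # first attempt
    ("198.51.100.7", "news@example.org", "amy@example.com", 30),   # retry, too early
    ("198.51.100.7", "news@example.org", "amy@example.com", 240),  # retry after 4 min
    ("203.0.113.9", "x@example.net", "amy@example.com", 10),       # sends once, never retries
    ("192.0.2.25", "alerts@example.org", "amy@example.com", 15),   # exempt network
]

if __name__ == "__main__":
    for attempt, reply in zip(SAMPLE, replay(Graylist(exempt_networks=("192.0.2.0/24",)), SAMPLE)):
        print(attempt, "->", reply)
```

The sender that never retries stays deferred indefinitely, while the early retry at 30 seconds neither passes nor resets the timer.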

What can Graylisting do for me?

Graylisting is a relatively simple technology, but it is fairly effective against many of the fire-and-forget spammers and 'script kiddie' malicious attackers.

This technology can deliver small to moderate reductions in the total attacks made upon your organization, and it functions as part of a defense-in-depth strategy of email filtering.

The view below of the Graylisting feature in UpStream allows for IP Address, Sender Name and Recipient Email exemptions, so that time-sensitive services, like emergency notifications, can be specified in advance to go out on time and not be subject to Graylisting.