Like most ISPs, we’ve been employing the tactic of greylisting to cut down on the amount of spam and viruses we get and forward to our customer email addresses via their mailmaps or backup mail spools.
First, What is Greylisting?
Basically, greylisting introduces a temporary, one-time delay into the delivery of messages we receive from originators who have never emailed you before. To be more precise, it works at the server level: if a message comes from a server that our servers haven’t seen before, it typically gets greylisted. That means we tell the sending mailserver “please try again later”.
At that point it’s up to the sending mail server to decide when “later” is. Depending on their configuration and how busy their mail queue is, it could be anywhere from 15 minutes (most commonly) to as much as 4 hours (rarely). Once they retry the message, we accept it, whitelist that mailserver, and accept all future email from it without delay as it arrives.
This works so well because most spambots, zombies and other malware are not configured to store a message after a non-delivery and retry it later. Instead they’ll discard the message and simply try the next address. It works great and it cuts down spam by a significant amount.
Controlling Greylisting for your Domains
There is a common misconception that greylisting “delays all your mail”. It doesn’t. It delays the first email received from a server we’ve never seen before and then accepts everything from that server as it comes in. This means that most of your email traffic isn’t being greylisted: it is coming from servers and organizations who email you frequently, we already have the originating IPs whitelisted here, and we accept all of their email. IPs are subject to occasional recycling, so every few weeks a Rogers, a Bell or a Google email server may have to pass the greylist again. But then it’s business as usual for all the mail again.
Having said that, people sometimes ask us to exempt a domain from greylisting and we were happy to do it but it was a manual process and involved escalating the ticket to the systems group, etc.
So as of today, we’ve pushed this functionality to the member level. In your domain control panel when you manage your domain simply click on the Settings link on the Mail line and you’ll see this:
The SPF box controls whether our mail servers enforce SPF checking on inbound mail destined for your addresses, while the greylisting control is the one you check when you want to exempt your domain from greylisting.
Again, we advise using this exemption sparingly, for specific situations, and otherwise leaving greylisting on most of the time.
(If you haven’t ported your domain to the new system and you ask for a greylisting exemption, we are now asking you to port your domain to the new system and enable it directly. Even though the DNS cutover from the old system to the new system takes a few hours, the greylisting exemption kicks in immediately.)
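The server-level decision described in this post (defer a never-seen server once, accept its retry, whitelist it, skip the check for exempt domains) can be sketched as follows. This is an added example, not code from the original post or from any mail server: the class and function names, the exact `451` reply, the minimum retry delay, the three-week expiry of idle whitelist entries and the choice not to whitelist servers seen only via an exempt domain are all assumptions.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 greylisted, please try again later"  # any 4xx reply = temporary failure
ACCEPT = "250 OK"
MIN_RETRY_DELAY = 60             # assumed: a retry sooner than this is deferred again
WHITELIST_TTL = 21 * 24 * 3600   # assumed: idle whitelist entries expire after 3 weeks

@dataclass
class Greylist:
    exempt_domains: set = field(default_factory=set)  # domains with greylisting off
    pending: dict = field(default_factory=dict)       # server IP -> time of first attempt
    whitelist: dict = field(default_factory=dict)     # server IP -> time last seen

    def check(self, server_ip, rcpt_domain, now):
        """Return the SMTP reply for one delivery attempt (now is in seconds)."""
        if rcpt_domain.lower() in self.exempt_domains:
            return ACCEPT                              # exemption bypasses greylisting
        last_seen = self.whitelist.get(server_ip)
        if last_seen is not None and now - last_seen <= WHITELIST_TTL:
            self.whitelist[server_ip] = now            # known server: no delay
            return ACCEPT
        self.whitelist.pop(server_ip, None)            # expired entry must pass again
        first_seen = self.pending.get(server_ip)
        if first_seen is None:
            self.pending[server_ip] = now              # never seen: remember and defer
            return TEMPFAIL
        if now - first_seen < MIN_RETRY_DELAY:
            return TEMPFAIL                            # hammering is not a real retry
        del self.pending[server_ip]
        self.whitelist[server_ip] = now                # genuine retry: whitelist server
        return ACCEPT

def replay(events, exempt=()):
    """Run (time, server_ip, rcpt_domain) attempts through a fresh greylist."""
    gl = Greylist(exempt_domains=set(exempt))
    return [gl.check(ip, dom, t)[:3] for t, ip, dom in events]

# Constructed sample traffic; IPs are documentation ranges, domains are placeholders.
SAMPLE = [
    (0,    "192.0.2.10",   "example.org"),  # compliant server, first contact
    (5,    "198.51.100.7", "example.org"),  # spambot: fires once, never retries
    (900,  "192.0.2.10",   "example.org"),  # compliant server retries after 15 min
    (960,  "192.0.2.10",   "example.org"),  # later mail from the same server
    (1000, "203.0.113.5",  "example.net"),  # new server, but the domain is exempt
]

if __name__ == "__main__":
    print(replay(SAMPLE, exempt={"example.net"}))
```

Only the first attempt from each new server is deferred; the sender that never retries simply never gets a message through.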
Oakwine says
Is there a way to view what email has been collected by you as spam?
Mark Jeftovic says
When we are greylisting we aren’t collecting any email. We are telling a previously unknown mailserver “Try back later” (basically by outputting a 400 series result code which means “temporary failure”).
At that point, it is up to the sending mail server to try back. Any mailserver that does NOT retry (and I cannot stress this following point enough), is seriously broken. It’s a pretty basic tenet of all network connected mail servers to adhere to the basic result codes of their delivery attempts.
The effectiveness of greylisting owes to the fact that most spammers don’t run compliant mail servers.