Greylisting (sometimes spelled graylisting) is a method of defending email users against spam. Greylisting dramatically reduces spam by making it wait to be received by the server. When an email message arrives at the SmarterMail server from an unfamiliar host or domain, the greylisting function refuses the message for a period of 15 minutes. If the mail is legitimate, the originating server will try again to send it later, at which time the receiving server (the server your mail is on) will accept it. The resend attempt made by a sender is a reasonable indicator of legitimacy. Mail that passes this test is released and delivered to the destination. If the mail is from a spammer, it will probably not be retried as most spam sources are not equipped to do so. Those which re-transmit later are more likely to be caught by the remaining anti-spam defenses.
How it works:
· An email is received by the SmarterMail server
· The sending address is checked against the greylisting internal database. If email address or sending server is not recognized the mail is greylisted for 15 minutes and it is refused with a temporary rejection.
· The assumption is that since temporary failures are built into the RFC specifications for e-mail delivery, a legitimate server will attempt to connect again later on to deliver the e-mail.
· Once email is redelivered it is added to the database for 36 days. Further emails from the same sender will be immediately accepted without delay.
· White-listed or trusted senders automatically bypass the greylisting mechanism.
Greylisting is effective because many mass e-mail tools used by spammers will not bother to retry a failed delivery, so the spam is never delivered. Any subsequent attempts are more likely to be detected as spam by other mechanisms than they were at first.
· Greylisting dramatically reduces spam
· No additional settings or changes are needed
· It is automatically turned on server wide
· Users who do not want to take advantage of this feature can disable Greylisting with a single setting change
· Email from new or unknown senders is delayed. This is typically 15-20 minutes, but may be more depending on the sending server settings.
· The sender may receive a deferral message depending on their mail server settings. This is not a bounce message, but rather a message indicating the email deliver is temporarily delayed.
To disable graylisting for a mail domain:
If you are a shared hosting customer and want to disable graylisting for a mail domain, e-mail firstname.lastname@example.org from an authorized e-mail address with the mail domain you want disabled.
Keep in mind:
- Graylisting greatly reduces the volume of spam the mail domain receives. The mail domain will see a large influx of spam with graylisting disabled.
- We recommend instead adding the SMS email address or domain name to the mail domain’s List of Trusted Senders so these SMS messages get whitelisted.
- If you choose to go forward with disabling graylisting, we recommend adding Awesome Antispam to help control the spam better.
- SMS is an insecure method to receive 2FA codes (for example, it’s not even PCI-compliant to use SMS for 2FA). We recommend considering using an authenticator instead (like Microsoft Authenticator, Google Authenticator, Authy, etc.)
Content retrieved from: https://support.appliedi.net/kb/a309/what-is-greylisting.aspx.