Description

This article is a part of the series on undesired email (spam, phishing, viruses, etc.). The material covers the Poisons and the Remedies.

By Stas Bekman.

Published: May 15th 2006

Anti-SPAM Techniques: Grey Listing

Grey listing is relatively new technique. This technique is very simplistic - if the receiving side has never seen the incoming combination of an IP address of the host attempting a delivery, and the envelope sender and recipient addresses, it temp-fails this attempt, which is a valid thing to do according to the SMTP protocol specification (RFC821). A sender must retry again within the next four hours. When the same combination of IP, sender and receiver is seen by the receiving side, the message is received. When this technology was invented (mid-2003) it was noticed that spammers never try to re-send the SPAM email. Therefore the majority of undesired email is never received, since the first and the only delivery attempt always fails when this technique is used.

The main drawback of this approach is unhappy users. If someone sends you an email and you expect to receive it quickly, you don't want to wait up to four hours.

But spammers always try to outsmart any new defence systems - so it shouldn't be too hard for them to detect that the message has bounced and re-send it again, completely bypassing the grey listing protection.

Vendors

Here are some vendors supporting this technique (including open-source solutions):

AutumnTECH (Commercial) supports greylisting ASSP (OSS) - a transparent SMTP filtering proxy. ASSP collects statistics from participating ASSP users to help identify mail hosts that tend to send more spam or more not-spam mail. These statistics are compiled together to create a "greylist." Exim and Qmail support (OSS) Evan Harris Sendmail greylisting (OSS) milter Emmanuel Dreyfus Sendmail greylisting (OSS) milter Anthony C Howe Sendmail greylisting (OSS) milter Jef Poskanzer Sendmail greylisting (OSS) milter a plugin for Postfix (OSS)

Spey (OSS) A greylisting SMTP proxy a plugin for Qpsmtpd (OSS) SQLgrey (OSS) is a postfix policy service implementing a grey-listing policy.

 

 

Please notify me if you know of others.

Related Links

And here are some pointers for additional information on the subject:

Greylisting FAQ (Texas A&M University)

Spam Filtering with Sendmail Milters and Greylisting by Emmanuel Dreyfus Spam blocking with greylisting (LWN) The Next Step in Fighting Spam: Greylisting (Slashdot) smtpwrap A Simple wrapper for SMTP greylisting with inetd The Next Step in the Spam Control War: Greylisting by Evan Harris DCC Greylists

 

 

Continue reading about other Remedies or jump to the email-related Poisons section.

Share and Enjoy

Tags

spam, anti-spam, antispam, phishing, virus, scam, grey list