A client turned me on to a relatively new, and effective, anti-spam tool.
Become a Patron of Ask Leo! and go ad-free!
Transcript
We all know that spam’s a huge problem. I know I certainly get more spam
than real mail, though with various spam filters on my server and rules in my
email client I’m able to weed most of it out. I do have the occasional false
positive, but for that reason I actually archive every email I get, including
the spam, on my mail server, just in case.
A client pointed me at something called “greylisting”, which I recently
implemented on his mail server. As the name implies, it’s logically somewhere
between whitelisting and blacklisting.
Whitelisting implies specifying who is allowed to send you email, and
blacklisting just the opposite. Greylisting requires the sender to prove that
they’re a relatively well-behaved mail server, in at least one respect, before
mail is accepted.
When a mail server is asked to accept a piece of email for delivery, the
mail protocol allows it to respond with the equivalent of “not now, I’m too
busy”. The sender is then supposed to wait some amount of time, and attempt to
send the mail again. Many spambots don’t bother retrying. If the mail can’t be
sent, the bot simply moves on to it’s next potential victim.
Greylisting maintains a database of who’s attempted to send mail. Typically
the To, From and IP addresses of each email are tracked. The first time a
unique combination of To, From and IP are found, the server responds with “I’m
too busy”. When the sender retries later, greylisting notices that they’re
already in the database, and allows the mail through. And the tracking is
cumulative: within limits, once a To/From/IP combination has proven itself
valid, it is no longer subject to the greylisting delay.
My client reports a 90% reduction in spam. That’s pretty significant.
My concerns with the technique were twofold: there are known valid email
agents that do not handle the “I’m too busy” status properly, and will bounce
the email back to the sender instead of retying. Those seem to be few, however.
And, as the technique grows in popularity, it seems likely that spammers will
counter with smarter spambots that behave properly.
Until then, however, greylisting seems to be an effective technique.
Remember, though, it’s not something you can use on your mail client, it’s a
mail server technique. You can find out more at greylisting.org.
I’d love to hear from you. This is article 9461 – to leave a comment, go to askleo.info, enter 9461 in the go to article number box, and add your comments to the discussion.
This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of technical questions and their answers are posted online and ready to help solve your computer problems. * New questions and answers are added daily.
That’s askleo.info.