Ever since the first spam email was sent, more than 40 years ago, email providers have tried to prevent unwanted messages from reaching users’ inboxes. And they’ve done a pretty good job by introducing different techniques that proved useful for keeping undesired emails away.
The problem is these techniques are not 100% effective, and, sometimes, legitimate emails end up in the spam folders. To solve this issue, they’ve come up with a new technique — greylisting (or graylisting).
Read on to find out what greylisting means and how it works.
What Does Greylisted Mean?
Greylisting is a technique used to test whether a sender is legitimate or not. Incoming emails don’t immediately reach the inbox. Instead, they get temporarily blocked while the receiving server requests the sending server to try sending the email again within a certain time frame.
Legitimate mail servers will send the message again, and this time it will reach the recipient’s inbox. Spam servers, however, won’t bother to do this, so the spam message is never resent and never enters the user’s mailbox.
How Do Emails Get Greylisted?
From a technical point of view, greylisting looks like this:
When a mail server receives an incoming connection from a remote mail server, it rejects the message with a temporary error code (451) and caches the sending server’s IP address along with the sender and recipient addresses. The sending mail server should interpret this 451 error code as a temporary error and try to resend the message within the time frame specified in the RFCs.
When the remote mail server tries to resend the email, its information is matched against the entry in the greylisting cache and the receiving server accepts the message. Further filtering techniques may then be applied on the receiving mail server. Message information stays in the cache for only 24 hours, so senders who don’t send you email frequently go through the greylisting process every time.
Also, each mail server has a different retry scheme that it applies to outbound messages when it receives temporary error codes. The retry interval is usually between 1 and 30 minutes; the default is 15 minutes.
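The decision logic described above, as an added example that is not taken from any particular mail server. The 60-second minimum retry delay, the refresh of a cache entry each time it is used, the reply text and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

CACHE_TTL = 24 * 3600   # from the article: cache entries live for 24 hours
MIN_DELAY = 60          # assumption: a retry sooner than this is deferred again
DEFER = (451, "Greylisted, please retry later")   # constructed reply text
ACCEPT = (250, "OK")


@dataclass
class Greylist:
    ttl: int = CACHE_TTL
    min_delay: int = MIN_DELAY
    # (ip, sender, recipient) -> (first_seen, last_seen), in seconds
    cache: dict = field(default_factory=dict)

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt made at time `now`."""
        key = (ip, sender, rcpt)
        entry = self.cache.get(key)
        if entry is not None and now - entry[1] > self.ttl:
            entry = None                     # expired: the triplet is unknown again
        if entry is None:
            self.cache[key] = (now, now)     # first sighting: remember it and defer
            return DEFER
        first_seen, _ = entry
        if now - first_seen < self.min_delay:
            return DEFER                     # too fast to be a normal queue retry
        self.cache[key] = (first_seen, now)  # known triplet: refresh and accept
        return ACCEPT


def replay(attempts):
    """Run (time, ip, sender, rcpt) attempts in order; return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, s, r, t)[0] for t, ip, s, r in attempts]


# Constructed attempts (documentation IP ranges and example domains).
SAMPLE = [
    (0,     "192.0.2.10", "news@example.com",  "bob@example.org"),  # first try
    (5,     "192.0.2.10", "news@example.com",  "bob@example.org"),  # instant retry
    (900,   "192.0.2.10", "news@example.com",  "bob@example.org"),  # 15-minute retry
    (1000,  "192.0.2.66", "promo@example.net", "bob@example.org"),  # never retries
    (95000, "192.0.2.10", "news@example.com",  "bob@example.org"),  # over 24 h later
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The last attempt is deferred again because more than 24 hours passed since the triplet was last seen, which is the infrequent-sender case the article describes.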
Why are your emails getting greylisted?
There are two reasons for this:
- IP misconfiguration: the sending IP address should have a Fully Qualified Domain Name (FQDN) that resolves to that IP, as well as a reverse DNS entry for that IP that resolves to the same FQDN. If this is not set up correctly, ISPs will detect this misconfiguration and they’ll greylist your mail or block it completely.
- Sender reputation: if your sender reputation is low (meaning you don’t have a good sending history), then when an ISP detects a large number of messages coming from your IP, it will apply rate-limiting and increase greylisting because it isn’t sure whether you’re a legitimate sender.
Another thing you can do is scan through the account level defer logs and read the error messages coming back from the server. Often, you’ll find URLs that explain the sending policies of ISPs and the requirements you should fulfill.
Greylisting vs. Blacklisting
The difference between blacklisting and greylisting is quite obvious. If a sender is blacklisted, no matter how many times they try to send you emails, they will never reach your mailbox (not even the spam folder!).
Greylisting, on the other hand, issues temporary error codes. RFC-compliant remote mail servers respect these codes and attempt re-delivery. Spammy remote mail servers usually do not: they are configured to deliver large amounts of messages quickly and skip queueing messages when they receive temporary error codes.
Why Greylisting Is Necessary
Overall, even though greylisting delays emails from reaching the inbox, it does a great job of filtering out the majority of spam messages, thus offering users a better experience.