By Stas Bekman.
Published: May 15th 2006
Grey listing is a relatively new technique, and a very simple one: if the receiving side has never seen the incoming combination of the IP address of the host attempting delivery, the envelope sender address and the envelope recipient address, it temp-fails the attempt, which is a valid thing to do according to the SMTP protocol specification (RFC821). A sender must retry within the next four hours. When the same combination of IP, sender and recipient is seen again by the receiving side, the message is accepted. When this technique was invented (mid-2003) it was noticed that spammers never tried to re-send the spam email. Therefore the majority of undesired email is never received, since the first and only delivery attempt always fails when this technique is used.
The main drawback of this approach is unhappy users. If someone sends you an email and you expect to receive it quickly, you don't want to wait up to four hours.
But spammers always try to outsmart any new defence system, so it shouldn't be too hard for them to detect that the message has bounced and re-send it, completely bypassing the grey listing protection.
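The decision logic described above, sketched in Python as an added example (not code from the author or from any of the products listed below). The 300-second minimum retry delay, the 451 reply text and all class and function names are assumptions; the four-hour window is the one given in the text.

```python
import time

class Greylist:
    """Greylist keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay        # assumption: earliest accepted retry, in seconds
        self.retry_window = retry_window  # four-hour retry window described in the text
        self.clock = clock                # injectable so the demo runs without sleeping
        self.first_seen = {}              # triplet -> time of first deferred attempt
        self.passed = set()               # triplets that already completed a retry

    def check(self, ip, mail_from, rcpt_to):
        """Return an (SMTP reply code, text) pair for one RCPT TO attempt."""
        key = (ip, mail_from, rcpt_to)
        now = self.clock()
        if key in self.passed:
            return 250, "OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            # Unknown triplet, or the earlier attempt expired: start over.
            self.first_seen[key] = now
            return 451, "Greylisted, try again later"
        if now - first < self.min_delay:
            return 451, "Greylisted, try again later"
        # Same triplet came back inside the window: accept from now on.
        del self.first_seen[key]
        self.passed.add(key)
        return 250, "OK"

def demo():
    """Replay constructed delivery attempts against a fake clock."""
    t = [0]
    gl = Greylist(clock=lambda: t[0])
    a = ("192.0.2.10", "alice@example.org", "bob@example.net")  # constructed triplet
    codes = [gl.check(*a)[0]]            # first contact
    t[0] = 60
    codes.append(gl.check(*a)[0])        # retry before min_delay
    t[0] = 900
    codes.append(gl.check(*a)[0])        # proper retry
    codes.append(gl.check("192.0.2.99", a[1], a[2])[0])  # same mail, new relay IP
    return codes

if __name__ == "__main__":
    print(demo())
```

The last attempt in the demo is deferred again because the IP changed, so the triplet is new to the receiving side.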
Here are some vendors supporting this technique (including open-source solutions):
and Qmail support (http://www.digitaleveryware.com/projects/greylisting/)
plugin for Postfix (http://isg.ee.ethz.ch/tools/postgrey/)
Please notify me if you know of others.
And here are some pointers for additional information on the subject:
Filtering with Sendmail Milters and Greylisting (http://www.onlamp.com/pub/a/onlamp/2004/06/10/milters.html)
with greylisting (http://lwn.net/Articles/37536/)
Next Step in Fighting Spam: Greylisting (http://slashdot.org/articles/03/06/20/168203.shtml?tid=111&tid=126)
Next Step in the Spam Control War: Greylisting (http://www.greylisting.org/articles/whitepaper.shtml)