It’s amazing to think, but I actually had an email address not receive one piece of spam for more than six years – without using any kind of anti-spam software. How did I pull this off? Easy… it was 1992 – a time when you could hand out your email address with reckless abandon. Those days are clearly over, and until time travel is invented, I doubt any of us will see days like that again. Luckily, in 2008 we have an assortment of great tools that help keep the spammers at bay. You are probably already familiar with most of these anti-spam tools – blacklisting, whitelisting and heuristics. But there is a new tool in the anti-spam arsenal – greylisting.
How Does it Work?
Greylisting works under the premise that most spamming operations do not behave in the same way that "normal" email systems do. Most legitimate email servers are configured to make a certain number of attempts to deliver an email message. If a recipient’s email server is temporarily offline, the recipient eventually receives the message once their server is back online. On the other hand, a spammer’s email server is typically configured to try once and then move on. If a recipient’s server is offline when the spam is sent, they still won’t receive the message when they come back online. This is where greylisting fits in.
Greylisting capitalizes on the spammer’s “try only once” delivery methodology by employing a delay technique. Each time a mail server that is performing greylisting receives an email from an unknown sender, it sends a "try again later" message back to the sending server – this is the delay message. As we saw above, most legitimate senders will eventually try again, whereas most spammers won’t. This very simple technique immediately cuts down on the amount of spam processed by a company’s servers. In slightly more technical terms, greylisting determines whether or not to delay a message by checking three components of the mail transaction – the sender’s IP address, the sender’s email address and the recipient’s email address. Together, these three values are known as the triplet of the mail transaction.
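The triplet check described above, as an added example that is not part of the original newsletter and not taken from any particular greylisting package. The delay, retry window, pass lifetime and reply strings are assumed values, lower-casing the addresses is a simplification, and the sample events are constructed.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300              # assumed: seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600      # assumed: a retry later than this starts the wait over
PASS_LIFETIME = 36 * 86400   # assumed: how long a triplet that passed stays trusted
TEMPFAIL = "451 try again later"   # constructed reply text (4xx = temporary failure)
ACCEPT = "250 OK"

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)   # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now):
        # The triplet: sending IP, sender address, recipient address.
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[key] = now          # known triplet: no delay
            return ACCEPT
        self.passed.pop(key, None)          # trust expired, treat as unknown
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now         # unknown (or stale) triplet: start the clock
            return TEMPFAIL
        if now - first < MIN_DELAY:
            return TEMPFAIL                 # retried too quickly, keep delaying
        del self.pending[key]               # a proper retry: accept and remember
        self.passed[key] = now
        return ACCEPT

def replay(events):
    """Run (time, ip, sender, recipient) events and return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, s, r, t)[:3] for t, ip, s, r in events]

EVENTS = [  # constructed sample traffic
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.com"),  # first attempt
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.com"),  # retry, too soon
    (900,  "192.0.2.10",   "Alice@example.org", "bob@example.com"),  # retry after delay
    (1000, "198.51.100.7", "promo@example.net", "bob@example.com"),  # tries once only
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.com"),  # now a known triplet
]

if __name__ == "__main__":
    print(replay(EVENTS))
```

The sender that retries is delayed once and then accepted without delay afterwards; the sender that tries only once never gets past the temporary failure.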
One Step in the Fight Against Crime
Keep in mind that greylisting is not meant to be an all-in-one solution. It should be viewed as an additional tool to be used in your overall anti-spam strategy (along with whitelisting and blacklisting). If the spammer does attempt to retry delivery of their spam, the greylisting period allows the other spam-detection components, such as DNS blacklists, to detect and blacklist the spam. By the time the destination server starts accepting emails from the spamming triplet, the spam will already be blocked by other means.
The Bottom Line
Your next question is probably, “How much is it going to cost?” Well, the short answer is… almost nothing. There are a few good open source packages freely available on the internet. If you have the email hardware in place (e.g. a mail relay server, backend email server), all you have to do is download the greylisting software and configure it. If you do not have a qualified internal resource to download and configure the greylisting software, you can call Eureka or a similar IT services firm.
With many companies reporting an immediate and significant reduction of spam, the addition of greylisting is an effective tool against our daily onslaught of unwanted email. Considering that both the requirements to run the software and the cost to purchase the software are minimal, the only thing you really stand to lose by implementing greylisting is just a whole lot of spam!
Kevin McGarry serves as the senior systems analyst at Eureka Software Solutions. Please contact Kevin if you have any questions about this newsletter or questions about IT service offerings. Call Kevin at 512-459-9292 ext. 291 or email him at kevinm@eurekasoft.com.