Greylisting Print

  • email
  • 75

Greylisting is an anti-spam feature that is very effective at stopping mail from spambots. This is a cPanel feature that can be enabled or disabled for each domain in an account. You can manage it by navigating to Email / Configure Greylisting.

Like all anti-spam features, greylisting it can cause trouble. Here's how it works:

When we receive a message from an outside mail server and if greylisting is on, our mail server does not accept the message immediately. Instead it sends a message that means "try again later". This simple request is what gets the spam bots. Spam bots aren't real mail servers; they just push messages out to a list of addresses. When our server returns a deferral code, the spam bot sees a failure and moves on, never to return. The spam is never even delivered.

This message deferral process is built into Internet standards. A server that can't handle a deferral does not comply with the standards, and that's what catches the spam bots.

A well behaved mail server knows how to respond to a deferral request. It will wait for a period of time and then resend the message. The greylisting module sees that this is a second attempt and lets the message pass. This adds a delay to the delivery process, but in our experience, greylisting kills about 90% of the spam that would otherwise make it through our spam filters. That percentage will drop over time, as new spambots adapt to the challenge.

Greylisting has a time window where it will consider the second delivery attempt valid, and that's where some problems arise. If the second delivery attempt comes too soon, it could be a more sophisticated spam bot that's attempting a re-delivery. If the request comes too late, the greylist module has forgotten about the initial message and the process starts again. These repeated delivery attempts will happen until the sending server gives up and bounces the message back to the sender.

Some social media sites attempt a redelivery too quickly, and some old telecom companies haven't updated their parameters since the 1980's... they attempt redelivery 8 to 10 hours later! The greylist module maintains a list of the IP addresses of senders that are known to not be spam bots, so most messages from these sites never see a deferral message.

But there are always new sites that don't use a valid mail server, and if they're not in our IP address white list, those messages won't get through. If you're experiencing problems with mail delivery from a specific source, open a ticket and we'll see if we can fix the problem. If you're experiencing many problems and don't have a major spam issue, consider simply disabling the feature.

Was this answer helpful?

« Back