1
Greylisting Questions - Is it effective ?
Question asked by Curtis Kropar www.HawaiianHope.org - January 2 at 3:12 PM
Answered

Aloha !

Happy new year too !

 

So, here are a few questions about greylisting.

 

1) Is greylisting effective any more ? 

In looking over a lot of our SmarterMail SMTP logs the past few weeks, I have notices that some of our spammers, do not just "retry" but are profoundly persistent.  We have a few spammers, that basically have their servers BLAST  away continusously attempting retries of deliveries. and sometimes it is multiple times a second.  What is the point of greylisting when it creates an exponential increase in the amount of processing overhead with the spammers ?

 

2) Is there a way to see an SMTP report of emails that were greylisted and only ever attempted once ? I cant find it built into SmarterMail. If the point of greylisting is for legitimate emails to retry and make it through, and discouraging spammers, there should be a way of proving that it is working. As far as i can see there is no way to evaluate if you are in fact just creating additional processing traffic

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

3 Replies

Reply to Thread
0
Curtis Kropar www.HawaiianHope.org Replied
February 6 at 12:40 PM
Bump
 
www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.
1
Matthew Titley Replied
February 7 at 7:53 AM
I've had too many complaints from my clients about greylisting in order to recommend it. I do love the concept but in practice it ends up blocking too many legit emails with unpredictable results. For example, systems that send email notifications like password resets from banks and forums frequently get caught up in the greylisting process and either get delivered hours later or not at all. When an email user is sitting patiently waiting for their bank password reset or confirmation email and it arrives 30 minutes our hours later, often the security time out window has passed.
 
Also, large email systems with many outbound SMTP gateways sometimes get caught in the process. I had a client waiting for outlook.com (I think) email that kept getting delayed because Microsoft's systems were using a different SMTP server everytime they sent. Eventually after six hours or so, the message arrived because the Microsoft system eventually cycled through their pool to a previously used SMTP server IP address.
 
This is why I've disabled it for most domains although I really wanted it to work and tinkered with it for a loooong time. No typical email user wants a long winded explanation on what greylisting is. Been there, done it, and they just don't care as they just want their email to work.
 
Matt
 
 
0
Von-Austin See Replied
February 17 at 10:30 AM
Employee Post
1) Is greylisting effective any more ? 
 
Greylisting is effective against any attacker using a simple spam script or mailer utility. Greylisting is essentially ineffective against a legitimate mail server. It seems the recent trend in SnowShoe spam is to purchase a hosting package containing a new domain, valid PTR, SPF, and DKIM records.  Greylisting is essentially useless to these types of attacks.
 
So to answer the question, Greylisting is effective for certain types of attacks. But not so much against the scenario mentioned above.
 
2) Is there a way to see an SMTP report of emails that were greylisted and only ever attempted once ? 
 
At this time this is not possible, you would need to manually review the SMTP logs to determine this information. 
 
Von See
Technical Support Specialist / Internal IT
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread