2
Greylisting Questions - Is it effective ?
Question asked by Curtis Kropar www.HawaiianHope.org - 1/2/2017 at 3:12 PM
Answered

Aloha !

Happy new year too !

 

So, here are a few questions about greylisting.

 

1) Is greylisting effective any more ? 

In looking over a lot of our SmarterMail SMTP logs the past few weeks, I have notices that some of our spammers, do not just "retry" but are profoundly persistent.  We have a few spammers, that basically have their servers BLAST  away continusously attempting retries of deliveries. and sometimes it is multiple times a second.  What is the point of greylisting when it creates an exponential increase in the amount of processing overhead with the spammers ?

 

2) Is there a way to see an SMTP report of emails that were greylisted and only ever attempted once ? I cant find it built into SmarterMail. If the point of greylisting is for legitimate emails to retry and make it through, and discouraging spammers, there should be a way of proving that it is working. As far as i can see there is no way to evaluate if you are in fact just creating additional processing traffic

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

5 Replies

Reply to Thread
0
Bump
 
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
Jean-Guy Dubois Replied
Hello,

1) you can set DOS settings to prevent too many SMTP connections.
1
Matthew Titley Replied
I've had too many complaints from my clients about greylisting in order to recommend it. I do love the concept but in practice it ends up blocking too many legit emails with unpredictable results. For example, systems that send email notifications like password resets from banks and forums frequently get caught up in the greylisting process and either get delivered hours later or not at all. When an email user is sitting patiently waiting for their bank password reset or confirmation email and it arrives 30 minutes our hours later, often the security time out window has passed.
 
Also, large email systems with many outbound SMTP gateways sometimes get caught in the process. I had a client waiting for outlook.com (I think) email that kept getting delayed because Microsoft's systems were using a different SMTP server everytime they sent. Eventually after six hours or so, the message arrived because the Microsoft system eventually cycled through their pool to a previously used SMTP server IP address.
 
This is why I've disabled it for most domains although I really wanted it to work and tinkered with it for a loooong time. No typical email user wants a long winded explanation on what greylisting is. Been there, done it, and they just don't care as they just want their email to work.
 
Matt
 
 
0
Employee Replied
Employee Post Marked As Answer
1) Is greylisting effective any more ? 
 
Greylisting is effective against any attacker using a simple spam script or mailer utility. Greylisting is essentially ineffective against a legitimate mail server. It seems the recent trend in SnowShoe spam is to purchase a hosting package containing a new domain, valid PTR, SPF, and DKIM records.  Greylisting is essentially useless to these types of attacks.
 
So to answer the question, Greylisting is effective for certain types of attacks. But not so much against the scenario mentioned above.
 
2) Is there a way to see an SMTP report of emails that were greylisted and only ever attempted once ? 
 
At this time this is not possible, you would need to manually review the SMTP logs to determine this information. 
 
0
CCC Replied
I had a similar problem with outlook.com and ended up adding their IP ranges to the greylisting filters. I also increased the pass period to 360 minutes and the expiration to 180 days. That combination seems to have quieted down customer greylisting complaints and things like Microsoft Account password resets come through almost immediately at this point.

Reply to Thread