University of California, Riverside

C&C Antispam



How Does Graylisting Work?


Graylisting functions at the mail relay level of the mail transfer process. When an SMTP communication between a remote mail server and UCR’s mail relay server is initiated, three pieces of information are passed to UCR’s mail server early in the communication: the IP address of the remote server, the mail recipient’s address (e.g. john.doe@ucr.edu), and the sender’s address (e.g. spammer@spamhouse.com). This “triplet” of information is checked against an internal database of previous mail communications.

If this specific triplet has not been successfully passed by the graylisting system before, a temporary failure message is sent to the remote mail server. If the remote mail server is properly configured according to RFC 821, which specifies the SMTP protocol standard, it will attempt to resend the message after a brief delay (usually within 1 hour of the original attempt). Resent messages containing this same triplet of information will be passed immediately to the UCR recipient to whom they are addressed.

Spam, on the other hand, is typically not resent: commercial spamming programs tend not to retry messages that are temporarily failed. In addition, automatically generated e-mail sent from virus-infected computers is also typically not resent, making graylisting one extra level of protection against these viruses. Finally, graylisting benefits UCR’s network by reducing unnecessary traffic. Since graylisting rejects e-mail before any of the message body or attachments are sent, a large portion of the traffic generated by spam never makes it into UCR’s mail server or onto UCR’s network.
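The triplet check described above, as an added Python example (not UCR's or C&C's code). It goes slightly beyond the text by adding a minimum retry delay and an expiry for unconfirmed triplets; the `Graylist` class, the `MIN_DELAY` and `RETRY_WINDOW` values, and the 451 reply code are assumptions, since the page says only that a temporary failure is returned.

```python
import time

# Assumed policy values; the page does not state the ones UCR uses.
MIN_DELAY = 60            # seconds a retry must wait before it is accepted
RETRY_WINDOW = 4 * 3600   # seconds an unconfirmed triplet is remembered

class Graylist:
    """In-memory triplet store; a production relay would use a database."""

    def __init__(self, min_delay=MIN_DELAY, retry_window=RETRY_WINDOW):
        self.min_delay = min_delay
        self.retry_window = retry_window
        self.first_seen = {}   # triplet -> time of first deferred attempt
        self.passed = set()    # triplets that have completed a valid retry

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the SMTP reply to give at RCPT TO, before DATA is sent."""
        now = time.time() if now is None else now
        triplet = (client_ip, mail_from, rcpt_to)
        if triplet in self.passed:
            return 250, "OK"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > self.retry_window:
            # Unknown triplet, or the earlier attempt was never retried in time.
            self.first_seen[triplet] = now
            return 451, "Graylisted, please try again later"
        if now - seen < self.min_delay:
            # Retried too quickly to count as a queued redelivery (assumed rule).
            return 451, "Graylisted, please try again later"
        del self.first_seen[triplet]
        self.passed.add(triplet)
        return 250, "OK"

def replay(events, graylist=None):
    """Run (time, ip, sender, recipient) attempts; return the reply codes."""
    graylist = graylist or Graylist()
    return [graylist.check(ip, s, r, now=t)[0] for t, ip, s, r in events]

# Constructed sample traffic (documentation IP ranges, not real hosts).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org",     "john.doe@ucr.edu"),  # first try
    (5,    "198.51.100.7", "spammer@spamhouse.com", "john.doe@ucr.edu"),  # never retried
    (10,   "192.0.2.10",   "alice@example.org",     "john.doe@ucr.edu"),  # too soon
    (900,  "192.0.2.10",   "alice@example.org",     "john.doe@ucr.edu"),  # queued retry
    (5000, "192.0.2.10",   "alice@example.org",     "john.doe@ucr.edu"),  # known triplet
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```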

While over time spammers will likely adapt to graylisting techniques and develop software that does resend, requiring a resend on bulk mailings will eventually help to make other techniques, like real-time blocking lists (RBLs), more effective by allowing more time for spammers to be added to RBL blacklists before their spam is passed on to UCR’s network. In addition, any resending required of spammers can dramatically increase their operating costs, draining some of the commercial motivation behind most spamming.

Graylisting is not a replacement for spam-tagging, anti-virus programs or safe computing practices by users. C&C is employing graylisting as an additional measure in our battle to eliminate as much spam as possible from UCR’s network. It is likely that a small amount of spam will continue to filter into users’ mailboxes, and users should continue to be vigilant in managing their e-mail and avoid opening unexpected attachments or those sent by unknown users.

(This answer relies on information taken from Evan Harris’ explanation of graylisting located at http://projects.puremagic.com/greylisting/whitepaper.html, and on the Slashdot discussion of graylisting located at http://slashdot.org/articles/03/06/20/168203.shtml?tid=111&tid=126.)
