The first time a given recipient receives a message from a given sender, we respond to the sending mail server with a temporary rejection message, asking the sending mail server to try again. (This happens during the SMTP conversation and is transparent to end users.) With legitimate email, the sending mail server tries again a few minutes later, at which time we accept the message and send it through the standard spam and virus filtering systems. But most spam messages are sent using software that will not re-try the delivery -- thus those junk messages will never be re-sent, and will never arrive either in quarantine or in the user's inbox.
For each incoming message, we examine three elements in the early part of the SMTP conversation: the IP address of the sender, the sender email address, and the recipient email address. If this is the first time we identify this email "relationship," we issue a temporary deferral message to the sending mail server, before the DATA portion of the email is sent. That relationship is then "greylisted."
If or when within a finite period we see that same set of sender IP address, sender email address, and recipient email address again -- as we would expect to see with any legitimate email -- we then "whitelist" that combination, so that that message, as well as any future message with that relationship, is passed through without the temporary deferral. This whitelisted combination remains in place for upwards of a month.
After a message passes through the greylisting, we then process that message as usual, so that any spam message that is re-tried will still be subjected to the same message analysis techniques as in cases where greylisting is not used
Greylisting by its nature can introduce delays in message flow, but these delays are generally brief and non-recurring for a given recipient-sender combination. The length of the delay is dependent on how long a sending mail server waits before re-trying after we defer the message. While a few sending mail servers -- typically those used for high-volume mailings -- will have a relatively long re-try interval of 1-2 hours, most mail servers will automatically re-send a temporarily deferred message in 15 minutes or less.
Additionally, since the email "relationship" described above (sender IP address, sender address, and recipient address) is whitelisted after a single temporary deferral, there should not be any subsequent delays after that initial message.
Any "From" addresses that are whitelisted by a user or domain administrator are not subjected to the greylisting.
Comments
0 comments
Please sign in to leave a comment.