Singing the praises of greylisting

I have been for many, many years now managing a bunch of domains and the emails they receive. Because one of the domains is of a professional organization I am also a member of, the amount of email being received by that organization by way of spam was growing at an alarming rate.

I had contemplated a whole slew of schemes to manage this spam nuisance, but none of them were, IMHO, a workable scheme that would necessarily guarantee me a zero false negative – until I began to look at how these spam meisters do their craft. The realization came from recognizing that when the spamnets are activated, these felons are paid by their paymasters on the total number of emails sent out via their zombied Windoze machines and because of their need for speed, if there was a delay in sending an email out to one address, that address would just be skipped over and would go to the next. In addition, if the target machine received the spam, and temporarily told the sender to go away for an undisclosed amount of time, these spambots would just then ignore that address.

And voilà, the concept of what is now called greylisting came about. I would not claim to have invented the code for it (let alone write it), but when I figured out the ways of the spam meister, there were others who were also on the same track.

I finally put in place a greylisting scheme for the mail server, and voilà, in seconds, the spam volume dropped like a rock to nearly zero.

The simplicity of the idea is what is so beautiful about it. All the Bayesian networks, text processing, image deciphering etc. are all good techniques, but require a far greater investment in software and potentially hardware to make a good filter. I think as a first level, for-sure method, greylisting is tops. The load on the system is very low, emails from legitimate sources are guaranteed to be delivered and false negatives are nullified. KISS!
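The "go away for a while" decision described above, as an added example (not the author's code or any particular mail server's). It assumes the common design of keying on the client network, envelope sender and recipient; the class name, thresholds and sample traffic are constructed for illustration.

```python
import ipaddress

MIN_DELAY = 300          # assumed: seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600  # assumed: a first attempt with no retry in this window is forgotten
PASS_TTL = 36 * 86400    # assumed: how long a triplet that passed skips the delay

class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time first seen
        self.passed = {}   # triplet -> time last accepted

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        # Key on the /24 (IPv4) or /64 (IPv6) so a retry from another host
        # in the sender's outbound pool still matches the first attempt.
        prefix = 24 if ipaddress.ip_address(client_ip).version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for a RCPT TO seen at `now` (epoch seconds)."""
        key = self._key(client_ip, mail_from, rcpt_to)
        last = self.passed.get(key)
        if last is not None and now - last <= PASS_TTL:
            self.passed[key] = now
            return "250 2.1.5 Ok"
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now  # first sight or stale entry: start the clock
            return "451 4.7.1 Greylisted, try again later"
        if now - first < MIN_DELAY:
            return "451 4.7.1 Greylisted, try again later"  # retried too soon
        del self.pending[key]
        self.passed[key] = now
        return "250 2.1.5 Ok"

# Constructed sample traffic: (client IP, MAIL FROM, RCPT TO, epoch seconds)
SAMPLE = [
    ("192.0.2.10", "news@example.org", "alice@example.net", 0),     # real MTA, first try
    ("203.0.113.77", "x9@spam.example", "alice@example.net", 5),    # bot, never retries
    ("192.0.2.10", "news@example.org", "alice@example.net", 60),    # retry too early
    ("192.0.2.23", "news@example.org", "alice@example.net", 900),   # retry from same /24
    ("192.0.2.10", "news@example.org", "alice@example.net", 5000),  # later mail, no delay
]

def replay(events):
    """Feed events through a fresh greylist and return the reply codes."""
    gl = Greylist()
    return [gl.check(*e)[:3] for e in events]
```

The bot's single attempt only ever sees a 451 and its entry ages out of `pending`, while the retrying server is delayed once and then accepted without delay for as long as it keeps sending.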

3 comments


  1. comments on greylisting
    I first ran across this technique a number of years ago (in 2001 I believe). David Skoll of Roaring Penguin Software (he also does the MIMEDefang milter) employed it in his CanIt anti-spam software.
    He used to say, “Spammers never knock twice.”


  2. wj
    wow!
    One way to solve this would be to only allow voice commands to be accepted when a key combo is pressed. Unless, of course, the user is tricked by a program to do so, or a rogue program “tricks” windoze that the key combo has been pressed.


  3. What can we do to stop?
    Interesting read on how M$ reps are trying to bulldoze their way. But understand that ISO has overruled all the above contradictions including Singapore.
    Will ITSC Singapore be able to stick to its guns?
