| About | Products | News | Press | Resources | Awards | Jobs | Contact

SecPoint® - anti-spam appliance, web filter, vulnerability scanning, wifi security

What is Grey Listing?

Greylisting is a new method of blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver.

The term Greylisting is meant to describe a general method of blocking spam based on the behavior of the sending server, rather than the content of the messages. Greylisting does not refer to any particular implementation of these methods. Consequently, there is no single Greylisting product. Instead, there are many products that incorporate some or all of the methods described here

The SecPoint® Protector (http://www.secpoint.com/secpoint-protector.html) comes fully loaded with the Grey Listing functionality providing the customers with the best anti spam solution.

 

Greylisting has been designed from the start to satisfy certain criteria:

Have minimal impact on users

Limit spammers ability to circumvent the blocking

Require minimal maintenance at both the user and administrator level

User-level spam blocking, while somewhat effective has a few key drawbacks that make its use in the continuing spam war undesirable. A few of these are:

It provides no notice to the senders of legitimate email that is falsely identified as spam.

It places most of the costs of processing the spam on the receivers side rather than the spammers side.

It provides no real disincentive to spammers to stop wasting our time and resources.

As a result, Greylisting is designed to be implemented at the MTA level, where we can cause the spammers the most amount of grief.

The Greylisting Method

High Level Overview

Greylisting got its name because it is kind of a cross between black- and white-listing, with mostly automatic maintenance. A key element of the Greylisting method is this automatic maintenance.

The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:

The IP address of the host attempting the delivery

The envelope sender address

The envelope recipient address

From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is:

If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.

Since SMTP is considered an unreliable transport, the possibility of temporary failures is built into the core spec (see RFC 821). As such, any well behaved message transfer agent (MTA) should attempt retries if given an appropriate temporary failure code for a delivery attempt (see below for discussion of issues concerning non-conforming MTA's).

During the initial testing of Greylisting in mid-2003, it was observed that the vast majority of spam appears to be sent from applications designed specifically for spamming. These applications appear to adopt the "fire-and-forget" methodology. That is, they attempt to send the spam to one or several MX hosts for a domain, but then never attempt a true retry as a real MTA would. From our testing, this means that in the test environment, based on a fairly conservative interpretation of testing data, we have attained an effectiveness of over 95%, and that is with no legitimate mail ever being permanently blocked.

In addition, with the recent rampant proliferation of email-based viruses, Greylisting has been shown to be extremely effective in blocking these viruses, as they also do not tend to retry deliveries. And since these viruses are fairly large, bandwidth and processing savings are significant versus the standard method of accepting delivery and local virus scanning.

This blocking comes with a minimal price from the terms of local resources. Assuming the use of a local datastore for the triplet and other metadata, there is no required network traffic caused by Greylisting other than that associated with the connection itself. Since we are not checking the contents of the message at all there is very little processing overhead, unlike many other spam blocking methods.

The best part is that since we never permanently fail a message delivery, as long as the delivering MTA's are well behaved, we should never cause a legitimate mail to bounce. There should never be a false positive!

 

 

SecPoint® - What is Grey Listing? - Appliance vs Software
SecPoint® - What is Grey Listing? - What is Cross Site Scripting(XSS)?
SecPoint® - What is Grey Listing? - What is SQL Injection?
SecPoint® - What is Grey Listing? - What is a Routing Table?
SecPoint® - What is Grey Listing? - What is High Availability?
SecPoint® - What is Grey Listing? - What is Grey Listing?
SecPoint® - What is Grey Listing? - What is a Web Filter?
SecPoint® - What is Grey Listing? - What is a Vulnerability?
SecPoint® - What is Grey Listing? - What is a Proxy Server?
SecPoint® - What is Grey Listing? - What is a Firewall?
SecPoint® - What is Grey Listing? - What is a Cookie?
SecPoint® - What is Grey Listing? - What is a Bayesian Filter?
SecPoint® - What is Grey Listing? - Test Your Security Policy
SecPoint® - What is Grey Listing? - Email & Spam Test Links
SecPoint® - What is Grey Listing? - What is RoHS Weee?
SecPoint® - What is Grey Listing? - What is Vulnerability Scanning?
SecPoint® - What is Grey Listing? - What is Vulnerability Assessment?
SecPoint® - What is Grey Listing? - What is Penetration Testing?
SecPoint® - What is Grey Listing? - What is a Security Exploit?
SecPoint® - What is Grey Listing? - What is Appliance Scanning?
SecPoint® - What is Grey Listing? - What is Zero Day?
SecPoint® - What is Grey Listing? - What is Unified Threat Management?
SecPoint® - What is Grey Listing? - What is Intrusion Prevention?
SecPoint® - What is Grey Listing? - What is a Content-Filter?
SecPoint® - What is Grey Listing? - What is VoIP
SecPoint® - What is Grey Listing? - What is Virus?
SecPoint® - What is Grey Listing? - What is Spyware?
SecPoint® - What is Grey Listing? - What is Phishing?
SecPoint® - What is Grey Listing? - What is P2P?
SecPoint® - What is Grey Listing? - What is Instant Messaging?
SecPoint® - What is Grey Listing? - What is Spam?
SecPoint® - What is Grey Listing? - White Papers
SecPoint® - What is Grey Listing? - Technology Papers

© Copyright 1999-2008: SecPoint®
SecPoint ApS - Lergravsvej 53 - 2300 Copenhagen S - Phone +45 70 235 245
Privacy Statement | Link Policy | User Policy | SecPoint® Blog | SecPoint® Picture Archive |

Anti-Spam Appliance - Anti-Spam Firewall - Unified Threat Management Appliance
Anti-Virus - Web Filter Appliance - Anti Spam Appliance - Anti Spam Firewall - UTM Appliance

Wifi Security - Wifi Pen Test - Wifi Crack - Wifi Hack - Wifi Audit - Wep Wpa2 Crack

Vulnerability Scanner - Vulnerability Assessment - Security Scanner - Pen Test Appliance