Wifi Password Recovery - UTM - Vulnerability Scanning

SHOP
CLOUD PEN
VIP LOGIN
Sun Sun Sun

You are here: Encyclopedia > Encyclopedia Part 3 > What is Grey Listing?

 What is Grey Listing?

Grey listing is a new method of blocking significant amounts of spam at the mail server level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mail server.

 
The term grey listing is meant to describe a general method of blocking spam based on the behavior of the sending server, rather than the content of the messages. Grey listing does not refer to any particular implementation of these methods. Consequently, there is no single grey listing product. Instead, there are many products that incorporate some or all of the methods described here.
 
The SecPoint® Protector (http://www.secpoint.com/secpoint-protector.html) comes fully loaded with the grey listing functionality that provides the customers with the best anti-spam solution.
 
 
Grey listing has been designed from the start to satisfy certain criteria:
 
  • Have minimal impact on users
 
  • Limit spammers' ability to circumvent the blocking
 
  • Require minimal maintenance at both the user and administrator level
 
While somewhat effective, user-level spam blocking has a few key drawbacks that make its use in the continuing spam war undesirable. A few of these are:
 
  • It provides no notice to the senders of legitimate email that is falsely identified as spam.
 
  • It places most of the costs of processing the spam on the receivers' side rather than the spammers' side.
 
  • It provides no real disincentive to spammers to stop wasting our time and resources.
 
As a result, grey listing is designed to be implemented at the MTA level, where we can cause the spammers the most amount of grief.
 
High Level Overview
 
Grey listing got its name because it is kind of a cross between black- and white-listing, with mostly automatic maintenance. A key element of the grey listing method is its automatic maintenance.
 
The grey listing method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:
 
  • The IP address of the host attempting the delivery
 
  • The envelope sender address
 
  • The envelope recipient address
 
From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is, "If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure."
 
Since SMTP is considered an unreliable transport, the possibility of temporary failures is built into the core spec. As such, any well behaved message transfer agent (MTA) should attempt retries if given an appropriate temporary failure code for a delivery attempt (see below for discussion of issues concerning non-conforming MTA's).
 
During the initial testing of grey listing in mid-2003, it was observed that the vast majority of spam appears to be sent from applications designed specifically for spamming. These applications appear to adopt the "fire-and-forget" methodology. That is, they attempt to send the spam to one or several MX hosts for a domain, but then never attempt a true retry as a real MTA would.
 
The aforementioned tests confirmed that in the test environment, based on a fairly conservative interpretation of testing data, an effectiveness of over 95% was attained, and that is with no legitimate mail ever being permanently blocked.
 
In addition, with the recent rampant proliferation of email-based viruses, grey listing has been shown to be extremely effective in blocking such malware, as they also do not tend to retry deliveries. And since they tend to be fairly large, bandwidth and processing savings are significant compared to the standard method of accepting delivery and local virus scanning.
 
This blocking comes with a minimal price from the terms of local resources. Assuming the use of a local datastore for the triplet and other metadata, there is no required network traffic caused by grey listing other than that associated with the connection itself. Since users tend to not check the contents of the message at all when using grey listing services, there is very little processing overhead, unlike many other spam-blocking methods.
 
The best part is that since grey listing never permanently fails a message delivery, as long as the delivering MTA's are well behaved, the spam-blocking method should never cause a legitimate mail to bounce. There should never be a false positive!
 
  

 

network security utm firewall 

 

Related pages
Anti-Spam Firewall
Anti-Spam Software
Anti-Virus
Appliance VS Software
Cloud Security
WEP Key
What is a Man in the Middle Attack?
What is a Routing Table?
What is CISSP?
What is Cross Site Scripting(XSS)?
What is Data Leak Prevention?
What is Dumpster Diving?
What is Grey Listing?
What is GSM Encryption?
What is Instant Messaging?
What is Port Knocking?
What is search engine hacking?
What is Spyware?
What is SQL Injection?
What is TCP?
What is UDP?
What is UTM?
What is Virus?
What is VoIP?
What is Whitelisting?
WiFi Pen Test
WPA Key
Want to be Contacted?
Click here to Get Contacted

Free Services
Free Wi-Fi Top 15 Security Tips
Free Vulnerability Scan
SecPoint News

» New SecPoint May 2013 Webinar Sign Up Now
Signup for SecPoint Webinar May 2013...
Friday May 17, 2013

Awards & Reviews
  
Featured SecPoint Customers

Featured SecPoint clients



SecPoint® © Copyright 1999-2013
US Toll Free: +1-888-704-7297 - EU Toll Free: +44-808-101-2272