Greylisting Email

Greylisting has been around for a while as an anti-spam technique. It’s fairly simple, and its advocates praise it, but I’ve always been a little turned off by it, for two reasons. First, it necessarily slows down email delivery, which I don’t much care for, and second, the control over just how long it takes your email to get delivered to you is left to third parties; you have no say over just when a “real” email will actually get delivered to you.

More for kicks and giggles than anything else, I recently set up Spey on a spare server, and configured two domains to use that machine as their MX record. I was curious just how effective it would be, and wanted to test its regexp-based blacklist capabilities. The results were surprising.
This was handling mail for two domains, with a total of fewer than a dozen actual legitimate recipients. No whitelisting was in place, and the only blacklisting was pretty basic – a total of eleven rules, five of which were TLDs. I configured it to use the SBL-XBL and Spamcop DNSBLs, as those were being used by the “real” mailserver, and it seemed worthwhile to try and drop messages from listed IPs with Spey, rather than at the mailserver (which handles mail for a number of other domains, as well.)
Anyway, here are the stats after fourteen full days of use:

  • 10,443 messages were blacklisted
  • 1,724 messages were dropped for ‘malformed’ domains
  • 199 connections sent commands too soon
  • 150 connections timed out
  • 108 messages were relay attempts
  • 2,922 messages were greylisted
  • 569 messages were accepted

These stats can be a little misleading, though. The MTA and its frontends would have dropped a lot of those anyway – the relay attempts, the connections that spoke too soon, the majority of malformed or nonexistent domains – and the DNSBL checks probably accounted for the majority of the blacklist hits. What’s really worth looking at is the messages that were greylisted – provisionally accepted, in other words – and the messages accepted. In this instance, almost 2,500 messages passed the blacklists, DNSBL checks, and sanity checks to be greylisted that weren’t from actual mailservers, and never got re-delivered. (Actually, the number is slightly lower, because Spey doesn’t handle mail from large organizations like AOL, Gmail, or Hotmail very well.)
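
As an added illustration (not from the original post, and not Spey's code), the sketch below replays constructed delivery attempts through a generic greylist keyed on client IP, sender and recipient, deferring with 451 until a retry arrives after an assumed 300-second delay. It also shows one common reason, assumed here rather than stated in the post, that large providers fare badly: a retry from a different pool address looks like a new sender unless the key uses the /24 network.

```python
# Added example: generic triplet greylisting, not Spey's code.
import ipaddress

MIN_DELAY = 300   # assumed: seconds before a retry of a known triplet is accepted

# Constructed delivery attempts: (time in seconds, client IP, sender, recipient)
ATTEMPTS = [
    (0,    "198.51.100.7", "promo@bulk.example",    "bob@example.org"),  # never retries
    (10,   "203.0.113.5",  "alice@smallco.example", "bob@example.org"),
    (20,   "192.0.2.10",   "carol@bigmail.example", "bob@example.org"),
    (700,  "203.0.113.5",  "alice@smallco.example", "bob@example.org"),  # same-IP retry
    (720,  "192.0.2.77",   "carol@bigmail.example", "bob@example.org"),  # pool retry
    (1420, "192.0.2.143",  "carol@bigmail.example", "bob@example.org"),  # pool retry
]


class Greylist:
    def __init__(self, prefix=32):
        self.prefix = prefix   # 32 keys on the exact client IP, 24 on its /24
        self.first_seen = {}   # triplet -> time of first attempt
        self.passed = set()    # triplets that completed a valid retry

    def check(self, now, ip, sender, rcpt):
        """Return the SMTP reply code for one delivery attempt."""
        net = ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
        key = (str(net), sender.lower(), rcpt.lower())
        if key in self.passed:
            return 250                      # known-good triplet
        first = self.first_seen.setdefault(key, now)
        if now - first >= MIN_DELAY:
            self.passed.add(key)
            return 250                      # retried after the delay: accept
        return 451                          # first sight or too soon: defer

    def never_redelivered(self):
        """Count triplets that were deferred and never came back successfully."""
        return len(self.first_seen) - len(self.passed)


def replay(prefix):
    """Run the constructed attempts; return (reply codes, never-redelivered count)."""
    gl = Greylist(prefix)
    codes = [gl.check(*attempt) for attempt in ATTEMPTS]
    return codes, gl.never_redelivered()


if __name__ == "__main__":
    for prefix in (32, 24):
        print(prefix, *replay(prefix))
```

With exact-IP keying the pool sender's three attempts are each counted as a greylisted message that never came back, which inflates the "never re-delivered" figure in the same way the parenthetical above describes.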

In the end, I’m impressed enough with greylisting – and Spey – to continue using them both. I’m not convinced they’re appropriate for everyone, but they help, and for a lot of people, that’s good enough.

Published in: Geekiness, General | on April 29th, 2007