September 01, 2014  |  SSS News

Greylisting is a method of reducing incoming spam. It has been in use for many years, and has proved to be an effective and low-cost way to significantly reduce spam. Recently, a downside to Greylisting has become apparent. Some companies - Google in particular - that provide email services are not set up to be Greylisting friendly. As a result, emails from these email services can be delayed for significant periods of time. We have a look at this situation and suggest ways to manage it.

How does Greylisting work?
Greylisting is implemented on the edge device that receives email into an organisation.
Greylisting works by temporarily rejecting the connecting server's first delivery attempt with an 'I am busy' message. This is generally done to a server with an unknown, poor or suspicious reputation. Servers known to the recipient or servers with a neutral or better reputation are usually configured on your edge gateway to bypass the Greylisting check. The connecting server will (almost always) wait for a defined amount of time, and then try again. The time period is configured on the sending server, and is often something between 5 and 15 minutes. On the second attempt the message is accepted by your edge server, and delivered to the user. This works to reduce spam as, to date, most spam sending systems don't bother to wait and retry. They just move on to the next target address in their very large list of destination addresses.

Advantages of Greylisting
Large amounts of spam emails are stopped before entering the organisation. Stopping these types of email at the edge means that fewer spam emails get through to your users, and that fewer resources (CPU, memory) are consumed on your edge device - less email processing and anti-virus scanning is required. Usually it is only the first email from a sending gateway that is delayed, and that is usually only a short delay. Often this isn't noticed by the end user.

Disadvantages of Greylisting
Many email companies that use server farms tune them to be "Greylisting friendly" by having the retries sent out from the same server that the original message was sent from (except in case of hardware failure). Unfortunately Google and a few others don't do this, even though they use Greylisting on incoming messages. This can result in the email being repeatedly Greylisted, as subsequent re-sends of the email can come from a different IP address. It won't be until the email is re-sent from one of the IP addresses that previously sent it that it will actually be accepted by your edge device. This can delay the email's arrival by a significant period.
Note that this doesn't just affect "home" users using Gmail addresses. It also affects businesses that have adopted Google Apps for their email (and other) services. This means that a growing number of organisations you deal with are likely to be using Google mail servers. You probably don't want to be delaying emails to you from your customers etc., so you need to look at options to prevent this.

A workaround for Google Apps Mail servers
The only effective way to prevent potentially lengthy delays for email from Google mail servers (without turning off Greylisting entirely) is to whitelist the Google mail server IP addresses - i.e. don't use Greylisting on them. Google have a large and growing number of mail servers, and so you will need to query their SPF (Sender Policy Framework) record to find the current list of their mail server IP addresses.
This article from Google tells you how to do that.
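
The behaviour described above can be reproduced with a small simulation. This is an added example, not code from the article or from any mail gateway: it keys the Greylist on the sending IP address as the article describes, and the 5-minute minimum delay, the 10-minute retry interval and all IP addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

class Greylist:
    """Toy greylist keyed on the sending server's IP address (illustration only)."""

    def __init__(self, min_delay=300, whitelist=()):
        self.min_delay = min_delay      # seconds a retry must wait (assumed value)
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}            # sending IP -> time of its first attempt

    def check(self, client_ip, now):
        """Return 'accept' or 'defer' for one delivery attempt at time `now`."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "accept"             # whitelisted range bypasses the check
        seen = self.first_seen.setdefault(client_ip, now)
        if now - seen >= self.min_delay:
            return "accept"             # a known IP came back after the delay
        return "defer"                  # 'I am busy', try again later


def deliver(greylist, retry_ips, retry_interval=600):
    """Simulate a sender that retries every `retry_interval` seconds and uses
    retry_ips[i] for attempt i. Returns (attempt number, seconds of delay)
    for the attempt that is accepted, or None if every attempt is deferred."""
    for attempt, ip in enumerate(retry_ips):
        now = attempt * retry_interval
        if greylist.check(ip, now) == "accept":
            return attempt + 1, now
    return None


# Constructed sample senders (RFC 5737 documentation addresses).
SINGLE_SERVER = ["192.0.2.10"] * 3      # every retry leaves from the same IP
SERVER_FARM = ["198.51.100.1", "198.51.100.2", "198.51.100.3",
               "198.51.100.4", "198.51.100.1"]   # retries rotate through a farm

if __name__ == "__main__":
    print("single server:   ", deliver(Greylist(), SINGLE_SERVER))
    print("server farm:     ", deliver(Greylist(), SERVER_FARM))
    farm_ok = Greylist(whitelist=["198.51.100.0/24"])
    print("farm whitelisted:", deliver(farm_ok, SERVER_FARM))
```

The single server is accepted on its second attempt, the farm only when a retry happens to leave from an IP address that has already been seen, and the whitelisted farm on its first attempt.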

Modern email gateways (edge devices) have multiple methods to reduce spam (of which Greylisting is one). With Greylisting turned off for Google mail servers, there is an increased risk of spam getting through, but the other filters in your email gateway will still provide an amount of spam prevention. This is the trade-off. If you find that your current Greylisting is delaying important time-sensitive emails from arriving, then you probably want to turn off Greylisting (partially) and live with the risk of increased spam coming through. [Some modern email gateways are so confident in their non-Greylisting spam filters/tools that they don't use Greylisting at all by default.] If you haven't noticed any important emails being delayed, then you don't need to do this (yet).