Tuesday, April 24, 2007

Use "greylisting" to help eliminate spam

This article outlines another potential tool to stop spam.


This method claims to help your existing spam filter strategies to identify and eliminate 95% of spam from the most obvious spam filters.

The way this works is a combination of blacklisting and whitelisting, hence the name, greylisting.

When a message comes in to an email server with greylisting, the message is analyzed for the following three pieces of information:
- incoming IP address
- advertised sender email address
- intended destination email address

These three pieces of information uniquely identifies the message to the greylisting method. If this identifier has not been seen before, the email server simply sends an RFC 821 message back to the sending server that basically states, "sorry, the message wasn't received correctly, please retry sending after a short wait."

Since email is not designed to be 100% reliable, email servers are supposed to accept this sort of reply and shortly attempt to resend an email message when the "sorry" reply is received.

So if the sending email server sends the message again, with the same identifier, the greylisting email server will add the identifier to it's internal whitelist. If the message is never resent, the greylisting server can assume the sender was a "fire-and-ignore" spam source.

This strategy is great for eliminating spam in a number of ways.
- identified servers that don't respond can be blacklisted
- identified servers that DO respond can be processed by existing DNS-blacklist services

There is an added cost of the traffic necessary on the greylisting receiver's server, as well as the extra traffic to confirm messages to and from valid senders, but this does add to the processing cost for spammers as well. Hopefully the added cost to the spammer, if they bother to respond to greylisting at all, makes spamming unprofitable to them.

In the meantime, this is yet another way to try to identify and eliminate spam email (from the most oblivious spam sources) before it reaches your inbox.

No comments:

Post a Comment