---
title: "Email Encyclopedia: What is Greylisting"
date: 2025-07-21
artist: Yuanshu
summary: "Greylisting is an anti-spam technique that filters spam by temporarily rejecting unknown mail senders, offering low cost, low false positive rates, and good filtering results."
tags: ["Email Encyclopedia", "Alibaba Mail"]
keywords: ["Greylisting, Anti-spam, SMTP, Postfix, Mail Server, Whitelist, Blacklist, SPF, Email Delay, Network Security"]
description: "Greylisting is an anti-spam technique that filters spam by temporarily rejecting unknown mail senders, offering low cost, low false positive rates, and good filtering results."
---
**Greylisting** is an anti-spam technique used for email servers that blocks the spread of spam by temporarily rejecting mail transfer requests from unknown or unverified email senders. This mechanism is based on a fundamental assumption: most spam senders will not attempt to resend messages after an initial failure, while legitimate mail servers will retry sending after a certain period of time.
The greylisting technique was proposed by software developer **Travis H.** in 2002 and elaborated in detail on his personal blog in 2003. Since then, it has been widely applied in various mail server systems, becoming an effective means to combat spam.
---
## How Greylisting Works
The core concept of greylisting is **delayed acceptance**. Its workflow typically includes the following steps:
1. **First Connection Request**:
- When a mail server (MTA) attempts to send an email to the recipient server for the first time, the recipient server records the following three pieces of information:
- Sender IP address (source IP)
- Email sender address (MAIL FROM)
- Email recipient address (RCPT TO)
2. **Temporary Rejection**:
- The recipient server returns a **temporary SMTP error code** (usually 451), indicating that it cannot accept the email at the moment and suggesting the sender try again later.
- Legitimate mail servers (such as Postfix, Sendmail, etc.) will automatically retry sending according to the SMTP protocol.
3. **Second Attempt and Clearance**:
- If the sender attempts to send the same email combination (i.e., the same sender, recipient, and IP address) again within a preset time window (for example, between 15 minutes and 24 hours), the recipient server will accept the email and add it to a whitelist (allowing direct passage).
4. **Subsequent Communication Requires No Verification**:
- Once a communication is successfully completed, that combination will be trusted for a period of time and will no longer trigger the greylisting mechanism.
---
## Technical Details and Implementation Methods
### SMTP Response Codes
Greylisting systems typically use the SMTP response code `451` to indicate temporary rejection. Common response messages include:
- `451 temporary failure, please try again later`
- `451 Try again later`
- `451 Temporary greylisting rejection`
These response codes tell the sender that this is a recoverable error and they should try again later.
### Database Storage
The greylisting mechanism needs to maintain a database to record yet-to-be-verified triplets (IP address, sender, recipient). This database can be an in-memory cache, file system, or relational/non-relational database. Common implementations include:
- Using Berkeley DB
- Using MySQL or PostgreSQL
- Using Redis or Memcached caching systems
### Time Window Settings
The time window is a key parameter of the greylisting mechanism. Typical time ranges are as follows:
- Wait time after initial rejection: **15-30 minutes**
- Whitelist retention time: **24 hours to 7 days**
Too short a time window may not effectively filter spam; too long a time window may cause excessive delays for normal emails.
---
## Advantages of Greylisting
1. **Efficient Spam Filtering**:
- Most spam programs do not have retry functionality, so they are effectively blocked by the greylisting mechanism.
2. **Low False Positive Rate**:
- Legitimate mail servers typically follow SMTP standards and have retry mechanisms, so they are rarely misidentified.
3. **Low Resource Consumption**:
- Compared to other complex anti-spam technologies (such as content analysis, Bayesian filtering), greylisting consumes relatively few server resources.
4. **Easy to Integrate**:
- Can be used as a plugin or middleware for existing mail servers without requiring large-scale modifications to system architecture.
---
## Disadvantages and Limitations of Greylisting
Despite being an effective anti-spam technique, greylisting also has some disadvantages and limitations:
### 1. Delay Issues
- Greylisting causes delays in first-time email delivery, which may affect user experience, especially in cross-time zone communications.
### 2. Not Friendly to Time-Sensitive Emails
- Emails requiring immediate delivery, such as transaction confirmations or urgent notifications, may be delayed due to the greylisting mechanism.
### 3. Distributed Spam Attacks
- Some advanced spam senders use distributed IP addresses for attacks, sending emails from different IP addresses each time, thereby bypassing the greylisting mechanism.
### 4. Need for Coordination with DNSBL and SPF
- Using greylisting alone cannot block all spam; it usually needs to be combined with other technologies (such as DNS blacklists, SPF, DKIM).
---
## Common Greylisting Implementation Tools
Below are several common greylisting implementation solutions:
### 1. **Postgrey**
- A greylisting daemon designed for Postfix mail servers.
- Supports whitelist and blacklist configuration, and database storage.
- An open-source project widely used on Linux systems.
### 2. **DCC (Distributed Checksum Clearinghouse)**
- Although not a pure greylisting system, DCC can improve anti-spam effects through collaborative filtering and greylisting mechanisms.
### 3. **Milter-Greylist**
- Suitable for mail servers using Sendmail or compatible with the Milter interface.
- Provides flexible configuration options, supporting IPv6, regular expression matching, etc.
### 4. **Exim + Greylist ACL**
- Exim mail server can implement greylisting functionality through Access Control Lists (ACL).
---
## Differences Between Greylisting, Whitelisting, and Blacklisting
| Feature | Whitelist | Blacklist | Greylist |
|---------|-----------|-----------|----------|
| Principle | Explicitly trust certain sources | Explicitly reject certain sources | Temporarily reject unknown sources |
| Advantages | No false positives, no delays | Filter known spam | Automatic learning, low resource consumption |
| Disadvantages | High maintenance cost | Cannot handle new sources | Initial emails experience delays |
| Application Scenarios | Internal communications, VIP users | Known malicious IPs/domains | Public mail servers |
---
## Best Practices for Greylisting
To maximize the effectiveness of greylisting and reduce negative impacts, the following measures are recommended:
1. **Set Reasonable Time Windows**:
- Initial rejection wait time is recommended to be 15-30 minutes;
- Whitelist retention time is recommended to be 24 hours or more.
2. **Enable Whitelist Mechanisms**:
- Add trusted mail servers and partner IP addresses to the whitelist to avoid unnecessary delays.
3. **Combine with Other Anti-Spam Technologies**:
- Use in conjunction with authentication mechanisms like SPF, DKIM, and DMARC to enhance overall security.
4. **Monitoring and Log Analysis**:
- Regularly review greylisting logs to identify potential spam sources or abnormal behavior.
5. **Provide User Feedback Channels**:
- If users report severe email delays, manually add relevant senders to the whitelist.
---
## The Position of Greylisting in Modern Email Systems
With the development of email security technology, greylisting is no longer the only or primary anti-spam measure. However, in many small and medium-sized mail servers, it remains a simple and efficient supplementary defense mechanism.
Modern large mail service providers (such as Google Gmail, Microsoft Outlook) may not directly use traditional greylisting mechanisms, but their underlying security policies still include similar ideas—namely, applying stricter verification processes for unknown senders.
Additionally, greylisting is also commonly used in environments with high email security requirements, such as educational institutions and government agencies.
---
## Summary
Greylisting is an anti-spam technology based on SMTP protocol characteristics that filters a large amount of spam by temporarily rejecting unknown email senders. Its core advantages are low cost, low false positive rate, and good filtering effects. Despite issues like email delays, greylisting remains an important part of mail server security protection systems through reasonable configuration and combination with other technologies.
As the email ecosystem continues to evolve, greylisting is also continuously developing. For example, machine learning-based dynamic greylisting systems have emerged, which can intelligently adjust rejection policies based on historical behavior. In the future, greylisting technology will continue to play an important role in the field of network security.