Andrea Moro's blog

Solving the SPAM problem with the Grey list

The SPAM problem is becoming unbearable. Sending garbage advertising Viagra pills, drugs, pirated software, cloned watches and so on has become a job for a small number of people whom I will never understand, but who create a lot of annoyance for everyone – including myself.

Most e-mail systems currently use very basic SPAM recognition systems, which come for free or for a small fee. It all depends on the provider that hosts your e-mail.

The way these systems work is pretty straightforward: a numerical value is assigned to the e-mail once it has been received by the destination server. This number depends on a number of factors, such as DNS blacklisting, and once assigned to the message it acts as a weight.
Before the e-mail is delivered to the destination mailbox, the value is looked up against a table of system values (not directly editable by the user), which lets the mail server classify the e-mail as a safe message or as SPAM (the latter generally divided into three levels: low, medium and high).

This system, together with a good antivirus and properly configured incoming rules, makes it possible in most cases to block unsolicited e-mails, possibly placing them in an “unwanted” message folder so you can glance at them before the final deletion (just to avoid false positives).

However, this system does not prevent SPAM messages from being received, as both the sender and the recipient are potentially good (apart from whitelist and blacklist rules, or SPF records).

In this scenario, a very efficient system for combating SPAM is the Greylist, which reduces SPAM by 99.9%.

Yes, you read that right; your mailbox would not be affected by these messages anymore – at least after one month of testing I can certainly say this.

Before I explain how this system works, let me say how spammers collect the e-mail addresses of Internet users. We must not think of people writing the same message millions of times and pressing send or forward. Your e-mail address can be obtained – broadly – in 5 different ways:

  1. through programs (bots) that crawl the network collecting e-mail addresses and storing them in a database;
  2. added by hand by spammers to their database;
  3. when you register on some websites, especially those offering free services (photos, mobile ring tones, free SMS, etc.);
  4. when our address is recklessly included in “S. Antonio” chain letters, or when other users improperly use the “forward to all people” command or write an e-mail putting all the contacts together in the destination address field, so that everybody can see the addresses of all the people that were added;
  5. through viruses (worms), which infect the system and send your e-mail address list to the spammers.

Given the amount of e-mail they must handle, the dispatch systems used by spammers do not bother, once a message has been sent, to check whether it was received or not, because – even assuming that 10% of these users receive the e-mail – the spammer has still fulfilled his task: to create unease.

Under these circumstances the use of a Greylist is perfect.

What is a Greylist

Greylists are an intermediate level between whitelists (users always accepted) and blacklists (users always rejected). The task of a Greylist is to refuse, in the first instance, any e-mail from anyone (except those in the whitelist), returning an error code that informs the sending mail server that the receiving server has experienced a potential problem (such as a network problem) and that the message should be sent again at a later time.

Under the rules of the SMTP protocol (the protocol in charge of sending and receiving e-mail), a server that gets this kind of response adds the message to a queue to process it later, and destroys it after a number of failed attempts, which in our case never happens.

Since spammers generally use stand-alone software that only takes care of sending e-mail, they do not process any answer sent by the receiving server; they assume that delivery went fine and move on to the next e-mail. A normal e-mail server, instead, will process the message again, and on the next delivery attempt the e-mail will be accepted and regularly delivered to the destination address.

Advantages and disadvantages of Greylist

The Greylist eliminates 99% of spam. It requires an initial period of tuning, because some mail servers may not have been set up to resubmit the message.

In this case, the server or the sender should be whitelisted to bypass the greylist check; leaving the standard anti-spam filter in place is enough to classify those senders and avoid too much noise.

Another disadvantage, I believe almost acceptable, is a minimal delay in the delivery of the first message. Indeed, as mentioned above, the message is initially refused. Between the first and second attempt there is a short time (set by the sending server's system administrator) that may not be tolerated by people in a hurry.

It is necessary to remember that this delay occurs every time the server is not able to authorize the sender, and that the Greylist addresses are purged periodically.

Example: suppose today is Monday and user A sends an e-mail to user X. The e-mail is refused and the sending server gets the error code. The server continues its work and after a certain period of time (usually 5 minutes) it tries again to deliver the e-mail to X; this time it will pass the check and will be correctly delivered 6-7 minutes after A sent the message.

On Tuesday A sends a message to X again. The X server authorized A a day earlier, remembers him and lets his e-mail pass immediately, without delay.

After an entire week, that is on the following Wednesday, supposing user A has sent no further messages to X (so the list of authorized users has changed and user A has been removed), A's message must go through the verification process again on first delivery; by contrast, if A keeps writing, the address always remains alive and suffers no further delays.
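
The Monday / Tuesday / following-Wednesday timeline above, replayed against a minimal greylist as an added example (not code from the original post). The (sender, recipient) key, the 451/250 reply texts, the one-minute minimum retry delay, the seven-day expiry and the example addresses are assumptions chosen to match the description.

```python
from datetime import datetime, timedelta

TEMPFAIL = "451 4.7.1 Greylisted, try again later"  # assumed temporary-error reply
ACCEPT = "250 2.0.0 OK"                             # assumed success reply

class Greylist:
    """Minimal greylist keyed on (sender, recipient); defaults are assumptions."""
    def __init__(self, min_delay=timedelta(minutes=1),
                 expiry=timedelta(days=7), whitelist=()):
        self.min_delay = min_delay   # a retry sooner than this is still deferred
        self.expiry = expiry         # idle entries are purged after this long
        self.whitelist = {w.lower() for w in whitelist}
        self.entries = {}            # key -> {"first", "last", "passed"}

    def purge(self, now):
        """Drop entries not seen within the expiry window."""
        for key in [k for k, e in self.entries.items()
                    if now - e["last"] > self.expiry]:
            del self.entries[key]

    def check(self, sender, recipient, now):
        """Return the SMTP reply given to a delivery attempt at time `now`."""
        if sender.lower() in self.whitelist:
            return ACCEPT                       # whitelisted: no greylist check
        self.purge(now)
        key = (sender.lower(), recipient.lower())
        entry = self.entries.get(key)
        if entry is None:                       # first contact: defer and remember
            self.entries[key] = {"first": now, "last": now, "passed": False}
            return TEMPFAIL
        entry["last"] = now
        if entry["passed"] or now - entry["first"] >= self.min_delay:
            entry["passed"] = True              # sender retried like a real server
            return ACCEPT
        return TEMPFAIL                         # retried too quickly: keep deferring

def replay_timeline():
    """Replay the page's example with constructed dates and addresses."""
    gl = Greylist(whitelist={"lists@partner.example"})
    a, x = "a@sender.example", "x@recipient.example"
    monday = datetime(2024, 1, 1, 9, 0)         # constructed; a Monday
    attempts = [(a, monday), (a, monday + timedelta(minutes=5)),
                (a, monday + timedelta(days=1)),    # Tuesday
                (a, monday + timedelta(days=9)),    # following Wednesday
                ("lists@partner.example", monday + timedelta(days=9))]
    return [gl.check(s, x, t)[:3] for s, t in attempts]

if __name__ == "__main__":
    print(replay_timeline())
```

A sender that never retries after the first 451 never reaches the accept branch, which is the behaviour the greylist relies on.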

In short, despite an initial stage of tuning and a small slowdown, implementing the Greylist is – at least for the time being – the ultimate answer to the SPAM problem. Of course, maybe in a few months (I hope some years, or better, never), spammers will take measures and review their delivery method. But since progress always moves ahead in giant steps, it could also be that tomorrow a new and efficient system will be developed.

I conclude by saying that obviously the Greylist is not something within everyone's reach; it is applicable only by people who run their own mail system and have a bit of experience.

How can we make use of it, then, if the mailbox is hosted somewhere? In this case we only need to ask the provider / host whether the greylist system is running, but based on my experience I can tell you that even if the mail server in use supports Greylist, it is rarely activated because not all users are ready to accept this slight delay in receiving mail.

I find this a very ridiculous answer … especially if we think that even today we often go through express mail and delivery systems that often lose our correspondence.

Other client-based SPAM filters are described in Top Anti-Spam Filter Reviews by Elmo Kandel.
