The problem of SPAM is becoming unbearable. Sending garbage such as Viagra pills, drugs, pirated software, cloned watches and so on has become a job for a small number of people whom I will never understand, but who create a lot of annoyance for everyone, myself included.

Most e-mail systems currently use very basic SPAM recognition systems that can come for free or for a small fee. It all depends on the provider where your e-mail is hosted.

The way these systems work is pretty straightforward: a numerical value is assigned to the e-mail once it has been received by the destination server. That value depends on several factors, such as DNS blacklisting, and once assigned to a message it acts as a weight.

Before being delivered to the destination mailbox, the email is checked against system table values (not directly editable by the user) which let the mail server classify it as a safe message or as SPAM (generally splitting the latter into three levels: low, medium and high).

This system, combined with a good antivirus and properly configured incoming rules, allows you in most cases to block unsolicited e-mails, storing them in an "unwanted" message folder so you can glance through them before deleting them for good (just to catch false positives).

However, this system does not prevent SPAM messages from being received in the first place, since both the sender and the recipient are potentially legitimate (leaving aside whitelist rules, blacklists, or SPF records).

In this scenario, a system which is very efficient at combating SPAM is the Greylist, which eliminates 99.9% of SPAM.

Yes, you read that right: your mailbox would not be affected by these messages anymore — at least after one month of testing I can certainly say this.

Before I explain how this system works, let me describe how spammers collect the e-mail addresses of Internet users. We should not picture people writing the same message millions of times and pressing send or forward. Your e-mail can be obtained — broadly — in 5 different ways:

  1. through programs (bots) which roam the network to collect e-mail addresses and store them in a database;
  2. added by hand by spammers into their database;
  3. when you register on some websites, especially those offering free services (photos, mobile ringtones, free SMS, etc.);
  4. when your address is recklessly inserted into chain letters, or other users improperly use the "forward to all" command, or write an e-mail putting all their contacts together in the destination address field, so that every recipient can see the addresses of everyone else;
  5. through viruses (worms), which infect the system and spread your e-mail address list to the spammers.

The dispatch systems used by spammers, considering the amount of e-mail they have to manage, do not bother to check whether a message, once sent, was actually received. Even assuming that just 10% of users actually receive the e-mail, the spammer has fulfilled their task: to create unease.

Under these circumstances the use of Greylist is perfect.

What are Greylists

Greylists are an intermediate level between the whitelist (users always accepted) and blacklists (users always rejected). The task of a greylist is to refuse, in the first instance, any email from anyone (except those in the whitelist), returning an error code that informs the sending mail server that the receiving server has experienced potential trouble (like a network problem) and that the message should be dispatched at a later time.

The SMTP protocol (the protocol in charge of sending and receiving e-mail) dictates that when the sending server receives this kind of reply, it adds the message to a queue to be processed later, and destroys it only after a number of failed attempts, which in our case never happens.

Since spammers generally use stand-alone software whose only job is to send e-mail, they do not process any answer sent by the receiving server at all and they assume that the delivery process has gone fine, moving on to the next e-mail. In a normal e-mail server, on the other hand, the message will be processed again, and on the next delivery attempt the e-mail will be accepted and regularly delivered to the destination address.

Advantages and disadvantages of Greylist

The Greylist allows you to eliminate 99% of spam. It requires an initial period of tuning, because it may happen that some mail servers haven't been set up to resubmit the message.

In this case, the server or the sender should be whitelisted to bypass the greylist check; leaving the standard anti-spam filter in place is enough to classify those senders and avoid too much noise.

Another disadvantage — which I believe is almost acceptable — is a minimal delay during the delivery of the first message. Indeed, as mentioned above, the message is initially refused. Between the first and second attempt there is a short interval (set by the sender server's system administrator) that may not be tolerated by people in a hurry.

It is worth noting that this delay occurs every time the server is not able to authorize the sender, and that the Greylist addresses are periodically purged.

Example: suppose today is Monday and user A sends an e-mail to user X. The e-mail is refused and the sending server gets the error code. The server continues its work and after a certain period of time (usually 5 minutes) it tries to deliver the e-mail to X again. This time the e-mail passes the check and is correctly delivered, 6-7 minutes later than when A originally sent the message.

On Tuesday, A sends another message to X. The X server authorized A the day before, remembers them, and lets their e-mail through immediately without delays.

After an entire week, on the following Wednesday, suppose user A has not sent any further messages to X in the meantime (and the list of authorized users has been updated, removing user A). A's message will then have to pass the verification process again on the first delivery attempt. If, on the other hand, A keeps writing regularly, the address remains active and does not suffer further delays.
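
The refuse-then-accept mechanism described under "What are Greylists" and the Monday / Tuesday / following-Wednesday timeline above can be replayed with a small model. This is an added example, not code from any particular mail server. Assumptions: entries are keyed on (client IP, sender, recipient), reply code 451 stands for the temporary "try again later" error, retries are accepted after a one-minute minimum delay, idle entries expire after 7 days, and all addresses are constructed.

```python
from datetime import datetime, timedelta

class Greylist:
    """Greylist keyed on (client IP, sender, recipient); the key choice is an assumption."""

    def __init__(self, whitelist=(), min_delay=timedelta(minutes=1), expiry=timedelta(days=7)):
        self.whitelist = set(whitelist)   # senders that bypass the greylist check
        self.min_delay = min_delay        # retries sooner than this are still deferred
        self.expiry = expiry              # idle entries are purged after this long
        self.entries = {}                 # key -> [first_seen, last_seen, passed]

    def purge(self, now):
        """Periodic purge: drop entries that have been idle longer than the expiry."""
        stale = [k for k, e in self.entries.items() if now - e[1] > self.expiry]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def check(self, client_ip, sender, recipient, now):
        """Return the reply code for one delivery attempt: 250 accept, 451 try later."""
        if sender in self.whitelist:
            return 250
        self.purge(now)
        key = (client_ip, sender.lower(), recipient.lower())
        entry = self.entries.get(key)
        if entry is None:                 # first contact: refuse temporarily
            self.entries[key] = [now, now, False]
            return 451
        entry[1] = now
        if entry[2] or now - entry[0] >= self.min_delay:
            entry[2] = True               # the sender retried like a real mail server
            return 250
        return 451                        # retried too quickly: keep deferring


def replay_week():
    """Replay the timeline from the text with constructed addresses (2024-01-01 is a Monday)."""
    gl = Greylist(whitelist={"newsletter@partner.example"})
    a = ("192.0.2.10", "a@sender.example", "x@rcpt.example")
    monday = datetime(2024, 1, 1, 9, 0)
    return {
        "mon_first": gl.check(*a, monday),
        "spam_once": gl.check("203.0.113.7", "bulk@spam.example", "x@rcpt.example", monday),
        "whitelisted": gl.check("198.51.100.4", "newsletter@partner.example", "x@rcpt.example", monday),
        "mon_retry": gl.check(*a, monday + timedelta(minutes=5)),
        "tuesday": gl.check(*a, monday + timedelta(days=1)),
        "next_wed": gl.check(*a, monday + timedelta(days=9)),
    }
```

The bulk sender that never retries only ever sees the 451, so its message is never delivered, while A is delayed once on Monday and again only after its entry has been purged.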

In short, despite the initial stage of tuning and a small slowdown, implementing the Greylist is — at least for the time being — the ultimate solution to the SPAM problem. Of course, maybe in a few months (hopefully years, or better still, never), spammers will take measures and review their delivery method. But since progress always moves ahead with giant steps, it could also be that tomorrow a new and efficient system will be developed.

I'll close by saying that the Greylist is obviously not for everyone: it is only applicable by people who run their own mail system and have a bit of experience.

What can we do if the mailbox is hosted somewhere else? In that case we just need to ask the provider/host whether the greylist system is running — but based on my experience I can tell you that even when the mail server supports Greylist, it is rarely activated, because not all users are willing to tolerate this slight delay in receiving messages.

I find this a rather ridiculous answer ... especially if we think about how, even today, we often deal with express mail and delivery systems that frequently lose our correspondence.