Solving the SPAM problem with the Grey list

The problem of SPAM is becoming unbearable. Sending this volume of garbage (Viagra, drugs, pirated software, watches, etc.) seems to have become a job for these people, something I will never understand, but which everyone, including myself, finds a huge annoyance.

Most e-mail systems in use today include some basic SPAM recognition. These systems work in different ways and may be free or licensed for a fee. Everything depends on the provider that hosts your e-mail.

A common protection system parses the e-mail, or checks it with other methods (e.g. DNS blacklisting), and assigns it a weight as a numerical value. The mail system applies this value according to a table of values (not directly editable), which lets the mail server classify e-mails as SPAM at three levels (low, medium and high).

This system, together with a good antivirus and properly configured rules for incoming e-mail, makes it possible in most cases to group unsolicited e-mails in a single place. Giving them a quick glance is necessary to catch false positives; after that they can safely be deleted all together without worrying about losing important e-mail.

However, this system does not prevent SPAM messages from being received, because both the sender and the recipient are potentially valid (apart from whitelist and blacklist rules, or SPF records).

In this scenario, a system that is very efficient at combating SPAM is the Greylist, which reduces SPAM by 99.9%.

Yes, you read that right: your mailbox would no longer be affected by these messages; at least, after one month of testing I can certainly say this.

Before I explain how this system works, let me describe how spammers collect the e-mail addresses of Internet users. We should not imagine people writing the same message millions of times and pressing send or forward. Your e-mail address can be obtained, broadly, in 5 different ways:

  1. through programs (bots) that crawl the network collecting e-mail addresses and storing them in a database;
  2. added by hand by spammers to their database;
  3. when you register on certain websites, especially those that offer free services (photos, ring tones for mobile phones, free SMS, etc.);
  4. when your address is recklessly inserted into “S. Antonio” chains (chain letters), or when other users improperly use the “forward to all” command or write an e-mail with all the contacts together in the destination address field, so that everybody can see the addresses of everyone who was added;
  5. through a virus (worm) that infects the system and passes your e-mail address list on to the spammers.

The dispatch systems used by spammers, given the amount of e-mail they must handle, do not bother to check whether a message was received once it has been sent. Even assuming that only 10% of the targeted users receive the e-mail, the spammer has still accomplished his task: to create unease.

In this situation the Greylist is a perfect fit.

What is the Greylist

The Greylist is an intermediate level between the whitelist (users always accepted) and the blacklist (users always rejected). Its task is to refuse, at first, any e-mail from anyone (except those in the whitelist), returning an error code that tells the sending mail server that the receiving server has experienced a potential problem (like a network problem) and that the message should be sent again at a later time.

Under the rules of the SMTP protocol (the protocol in charge of sending and receiving e-mail), a server that gets this kind of reply adds the message to a queue to process it later, and destroys it only after a number of failed attempts, which in our case never happens.

Since spammers generally use stand-alone software that only takes care of sending e-mail, they do not process any answer sent by the receiving server; they assume that delivery went fine and move on to the next e-mail. A normal e-mail server, instead, will process the message again, and on the next delivery attempt the e-mail will be accepted and regularly delivered to the destination address.

Advantages and disadvantages of Greylist

The Greylist makes it possible to eliminate 99% of spam. It requires an initial period of tuning, because some mail servers may not have been set up to resubmit the message.

In this case, the server or the sender should be whitelisted to skip the greylist check; leaving the standard anti-spam filter in place is enough to classify those senders and avoid too much noise.

Another disadvantage, which I believe is quite acceptable, is a minimal delay in the delivery of the first message. As mentioned above, the message is initially refused. Between the first and second attempt there is a short interval (set by the sending server's system administrator) that people in a hurry may not tolerate.

It should be remembered that this delay occurs every time the server is unable to authorize the sender, and that the Greylist addresses are purged periodically.

Example: suppose today is Monday and user A sends an e-mail to user X. The e-mail is refused and the sending server gets the error code. The server continues its work and after a certain period of time (usually 5 minutes) it tries again to deliver the e-mail to X; this time it passes the check and is correctly delivered 6-7 minutes after A sent the message.

On Tuesday A sends another message to X. The X server authorized A the day before, remembers him, and lets his e-mail pass immediately without delay.

After an entire week, i.e. on the following Wednesday, supposing user A has sent no more messages to X (so the list of authorized users has changed and user A has been removed), A's message must go through the verification process again on first delivery. If, on the other hand, A keeps writing, the address always stays alive and suffers no further delays.
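The Monday / Tuesday / following-Wednesday example above can be traced with a small greylist model. This is an added example, not code from any mail server; the class name, the per sender/recipient key, the 1-minute minimum retry delay, the reply strings and the addresses are assumptions made for illustration.

```python
from datetime import timedelta

# Assumed policy values: the article only says the sender usually retries after
# about 5 minutes and that entries idle for a week are purged.
MIN_RETRY_DELAY = timedelta(minutes=1)  # a retry sooner than this is still deferred
ENTRY_LIFETIME = timedelta(days=7)      # idle entries are removed after this long

TEMPFAIL = "451 greylisted, try again later"  # temporary (4xx) SMTP failure
ACCEPT = "250 OK"


class Greylist:
    def __init__(self, whitelist=()):
        self.whitelist = {addr.lower() for addr in whitelist}
        self.first_seen = {}  # (sender, recipient) -> time of first refused attempt
        self.authorized = {}  # (sender, recipient) -> time of last accepted message

    def purge(self, now):
        """Drop authorized and pending entries idle longer than ENTRY_LIFETIME."""
        for table in (self.authorized, self.first_seen):
            for key, seen in list(table.items()):
                if now - seen > ENTRY_LIFETIME:
                    del table[key]

    def check(self, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        sender, recipient = sender.lower(), recipient.lower()
        if sender in self.whitelist:
            return ACCEPT                # whitelisted senders skip the greylist
        self.purge(now)
        key = (sender, recipient)
        if key in self.authorized:
            self.authorized[key] = now   # continued activity keeps the entry alive
            return ACCEPT
        first = self.first_seen.setdefault(key, now)
        if now - first >= MIN_RETRY_DELAY:
            # A real mail server queued the message and came back: authorize it.
            del self.first_seen[key]
            self.authorized[key] = now
            return ACCEPT
        # First contact, or an immediate re-send: defer. Fire-and-forget
        # senders that never retry stop here.
        return TEMPFAIL
```

A sender that ignores the temporary failure never reaches the `ACCEPT` branch, while a sender whose server does not retry at all has to be placed in `whitelist`, which is the tuning step described earlier.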

In short, despite an early stage of tuning and a small slowdown, implementing the Greylist is, at least for the time being, the ultimate answer to the SPAM problem. Of course, maybe in a few months (I hope some years, or better never) spammers will take countermeasures and revise their delivery method. But since progress always moves ahead in giant steps, it could also be that tomorrow a new and efficient system will be developed.

I conclude by saying that the Greylist is obviously not within everyone's reach; it can be applied only by someone who runs their own mail system and has a bit of experience.

What can we do, then, if the mailbox is hosted somewhere else? In this case we only need to ask the provider / host whether a greylist system is running, but based on my experience I can tell you that even if the mail server supports greylisting, it is rarely activated, because not all users are ready to accept this slight delay in receiving.

I find this a very ridiculous answer … especially if we consider that even today we often deal with express mail and delivery systems that frequently lose our correspondence.

Other client-based SPAM filters are described in Top Anti-Spam Filter Reviews by Elmo Kandel.
