What is Greylisting?

Greylisting is a method used by the CyberHound Appliance to minimise spam. When an email is received by the CyberHound Appliance with a sender and recipient combination that has not yet been seen, the email is temporarily rejected and the combination is added to the greylist. This forces the remote email server to resend the email a few minutes later. If enough time has passed, the email will be accepted, as the sender/recipient combination has already been seen previously by theCyberHound Appliance.

Greylisting works because real email servers retry sending of emails if temporary errors occur. on the other hand, spammers often use ‘bots’ to send spam. These ‘bots’ will only try to send the spam email once, ignoring delivery errors. By not accepting an email from new senders the first time, the amount of spam accepted from spammers is greatly reduced.


How It Works

Normal Operation

If greylisting is enabled and the CyberHound Appliance receives an email with a sender/recipient combination it hasn’t seen before, the following occurs:

  1. The initial email is rejected with a temporary error code.
  2. The CyberHound Appliance will not accept the email for 5 minutes from the initial attempt if the remote email server attempts to re-send the email.
  3. If the remote email server retries the delivery after 5 minutes and within 72 hours, the email will be accepted. Subsequent deliveries within 42 days using that sender/recipient combination will be accepted instantly. Each time an email from that combination is accepted, emails will be accepted without greylisting for a further 42 days.
  4. If the remote email server doesn’t deliver the email within 72 hours, the email will be considered as spam. Future delivery attempts using that sender/recipient combination will be subject to greylisting delays (as per step 1).
  5. Once an email has been accepted, if the 42 day period expires (see step 3), future delivery attempts using that sender/recipient combination will again be subject to greylisting delays (as per step 1).

Greylisting applies to all emails sent to local domains and pass-thru domains listed on the CyberHound Appliance.

Greylist Training

When aCyberHound Appliance is initially deployed and the greylist is empty, all mail will be initially delayed due to greylisting. This can be rather tedious and inconvenient. To ease this situation, a newCyberHound Appliance is configured with a greylist training period of five days. During this period, sender/recipient combinations are added to the greylist database to be immediately accepted in future (similar to step 3 above) and emails are immediately accepted. Once the training period expires, greylisting returns to normal operation. Messages with sender/recipient combinations seen during the training period are automatically accepted as per step 3 above. The training period can be configured if required.

Reverse Learning

If a local or trusted user sends an email through theCyberHound Appliance, it is quite likely that they will receive a reply from the address to which the email was sent. In normal operation, this reply would be subject to greylisting and the arrival of the reply would thus be delayed. To avoid this inconvenience, emails sent from a local user are added to the greylist database with their sender and recipient reversed so that replies will be accepted immediately. That is, replies to emails sent from a local or trusted user skip steps 1 and 2 above.


How do I stop my email being blocked?

The greylist option is available on the CyberHound Appliance under Configuration > SMTP Server. Greylisting should rarely need to be turned off, however. At worst, only the first email with a new sender/recipient will be delayed. Future emails from that combination will be accepted without delay.