Between blacklisting and whitelisting is a sort of interim strategy called greylisting (also known as graylisting). Greylisting involves exploiting a behavior to which RFC-compliant mail servers are supposed to adhere -- and to which spammers rarely do.
How greylisting works
When a mail server connects to your mail server to send a given piece of email for the first time, a greylist notes the IP address and the email is rejected with a "Try Again Later" warning. If the server at the other end is running in compliance with the RFC standards for email, it'll try again later as it's just been instructed to.
The next time that server tries to deliver the email, your server will mark that server as "good" and allow future deliveries. On the other hand, many spammers will simply abandon any future delivery attempts after seeing the "Try Again Later" warning, since they typically just want to blast out as many emails as they can without retrying.
Also, during the retry period -- typically an hour or so -- there's a chance that the spammer's IP will be blocked by more conventional antispam techniques. In a way, greylisting is a little like a selective tarpitting scheme.
Programmer Chris J. has written a freeware greylist for Exchange Server, now called JEP(S). This application offers Exchange Server administrators a no-cost option for implementing and testing the effectiveness of greylisting as a spam-fighting mechanism.
The program installs as a .DLL that hooks into Exchange Server's SMTP service, and allows administrative control over the list of IP addresses tracked by the .DLL (so specific addresses can be manually added or removed).
Much of the effectiveness of greylisting is admittedly anecdotal. It's not something that can be recommended as a blanket solution, and it probably won't be a permanent one either. But the anecdotes are interesting: Chris's own experiences with greylisting cut down his spam load from about 4,000 messages a day to almost zero with no other changes.
About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.
JEP(S) is the new version of Greylist for Exchange. The name was changed because "Greylist for Exchange" was confusing to a lot of people. Also, it's now a commercial product instead of just an interesting project.
As before, the software is available in a free version and a licensed version. The free version is totally free without any time limit or spyware and such. New functionality includes: tarpitting, RBL, RWL, auto whitelisting, separate real-time monitor utility, and it supports IIS SMTP as well as Exchange 2000 and 2003.
Licensing: For free (advanced functions disabled), full 30-day trial license (on website), and the full license is 205 USD/149 Euro.
Christoffer Järnåker, Proxmea
Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:
Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.
This was first published in March 2007