1 / 9

Greylisting: The New Fight Against Spam

Greylisting: The New Fight Against Spam. Ted Matsumura May 21, 2005.

fifi
Download Presentation

Greylisting: The New Fight Against Spam

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Greylisting:The New Fight Against Spam Ted Matsumura May 21, 2005

  2. What is Greylisting?Greylisting is a general method of blocking spam based on a) the behavior of the sending server, and b) the relationship of the sending host, sending address, and recipient address.Greylisting does not care about the content in the messages.There is no single Greylisting product.It must run on the mail server at the MTA (Message Transfer Agent) level.

  3. How does Greylisting work?First, it takes a look at 3 pieces of data in the mail:1. The IP Address of host attempting delivery2. The Envelope Sender Address3. The Envelope Recipient AddressFrom this data, a unique triplet for identifying a mail relationship is established.

  4. What Next?With this data, we simply follow one basic rule, which is: If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.

  5. How is the Greylisting rule implemented?Since SMTP is considered an unreliable transport, the possibility of temporary failures is built into the core spec (RFC 821). As such, any well behaved MTA should attempt retries if given an appropriate temporary failure code for a delivery attempt.

  6. Why is Greylisting effective?Because the vast majority of spam appears to be sent from applications designed specifically for spamming. These applications appear to adopt the "fire-and-forget" methodology. That is, they attempt to send the spam to one or several MX hosts for a domain, but then never attempt a true retry as a real MTA would.

  7. Greylisting Advantages:1. It requires less processor and storage requirements on the mail server by storing fewer emails, and by not needing to scan the contents of messages.2. It is extremely effective in blocking spam sent by “fire-and-forget” spam methods.

  8. Greylisting Disadvantages:1. It causes a delay in reception of messages from new senders and new domains. This may be unacceptable, as in the case of password re-sends, etc. and may require the need for manual or user application whitelisting.2. It expects the sending host to be “well behaved” and to adhere to the SMTP RFC’ s, specifically regarding the use of null senders.

  9. Summary of Greylisting: It is an extremely effective (est. 95% effective in trials since 2003) method of reducing spam and email-based viruses.It requires less processor and storage requirements on the email server than many other spam blocking techniques.The inherent delay and the required resend from non “well-behaved” sending email servers and mailing list applications may potentially result in lost or delayed mail.The ability to set initial delays of unknown triplets, time to pass, and lifetime of auto-whitelisted triplets needs to be fine-tuned to work effectively.Main Resource Link for this presentation:http://projects.puremagic.com/greylisting/whitepaper.html

More Related