Launch: Greylisting, Version 1.0

We recently launched the first version of our selective greylisting system. Here is a definition of greylisting from Wikipedia:
“Greylisting is a simple method of defending electronic mail users against email spam. In short, a mail transfer agent which uses greylisting will “temporarily reject” any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again to send it later, at which time the destination will accept it. If the mail is from a spammer, it will probably not be retried. Greylisting is designed as a complement to existing defenses against spam, and not as a replacement.”
Go here for the full definition from Wikipedia.
When we launched, we started by only greylisting incoming mail that is sent to our backup and secondary mail servers and catch-all email accounts. There was an immediate positive impact.
Last week we rolled out a bit more greylisting that applies to mail that is sent from dynamic IP ranges such as computers connected behind DSL and Cable networks, any network that does not have valid reverse DNS records set up, or any server that identifies itself (HELO) with an invalid hostname such a non-fully qualified domain name or an IP address. This made even more of a positive impact on our spam defenses.
In a few weeks, customers will have the option to turn on greylisting for all mail they receive from new sources (this will be disabled by default). They will also have advance whitelisting capabilities for greylisting. These options will be located on the spam preferences pages both in webmail and in the control panel. We are also adding more intelligence to the greylisting system so that once a sender’s server has proven to consistently pass greylisting, future mail will skip greylisting.
As an FYI, much of this system was built around a great open-source project called Policyd.

Rack Blogger is our catchall blog byline, subbed in when a Racker author moves on, or used when we publish a guest post. You can email Rack Blogger at


  1. Before reading this entry, I did notice that a few weeks ago my daily spams dropped from 15 to 2 or 3. Suspecting greylisting, I did some tests against your MXs that confirmed it.

    It seems to work great already, but keep up the tuning!

    Do you use much RBL checking as well? Before moving to, my own system filtered 150 spams a day using SpamAssassin, when moving to, the amount making it into my spam folder drop tenfold. I can only guess it must be RBL checks…


Please enter your comment!
Please enter your name here