Reducing Spam: Greylisting and the Temporality of E-mail

March 12, 2008 - Mark

In the past few years, as spam has grown to over 90% of all e-mail sent on the Internet, several solutions have been created to help deal with the problem.  At Heluna, we’re proud of our filtering system, and we’re constantly looking at new technology to help our clients see even less spam.  We’ve seen quite a few different solutions, some very useful, and some…  more interesting ones.

Greylisting falls into the latter category.  The basic idea behind greylisting is this: for every message that gets sent to your inbox from a new sender, your mailserver instead places that message into a quarantine.  It then sends out an e-mail to the sender, usually with a link to click on, a request to reply to a specific address, or some other mechanism to have the sender authenticate that they actually sent the message.  Once the sender has authenticated, the mailserver releases the original message from the quarantine, delivers it to you, and then places the sender on an approved senders list.

Greylisting advocates and companies often claim that their solution provides 100% accuracy.  The primary claim is that spammers, even those that use their real e-mail address rather than a forged one, will never respond to the “challenge” e-mail, and so the message will never make it to your inbox.  Additionally, greylisting companies will challenge based upon the originating e-mail server, so even if a spammer manages to forge an e-mail address that is in your approved list, the message will still get challenged and, as a result, will not go through.

This sounds like an enticing solution, one that can prove that a human sent the message, but greylisting also has a large number of shortcomings that, over time, make it much more of a hassle than a benefit.

First: many companies that send out automated e-mails (Yahoo, eBay, Amazon, among others) send each message to you from a custom sender address that changes each time they send you a message.  When your greylisting solution responds to that message, these vendors will often treat that as a bounced message, and will take your e-mail address off their list.  Imagine following an eBay auction, only to not know when it was ending because the e-mail notice never made it to your inbox.

Next, a vast, vast majority of people will simply never click on the greylisting link (or respond to the greylisting e-mail).  This can lead to confusion, lost e-mails, and ultimately manual intervention to add those senders to your approved list yourself.  That can be far more of a hassle to deal with on a daily basis, since you will now need to guess at who is sending you messages.  Is this even possible?  The alternative is to constantly check your quarantine, which defeats the purpose of greylisting.

Last, assuming that people do complete the greylisting challenge and the message is delivered to your inbox, the timeliness of the e-mail depends on how quickly the sender checks their e-mail, responds to the challenge, and then has that message re-sent to your mailserver.  This can introduce an enormous (and, in our opinion, unacceptable) delay to the delivery of the original message.
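The quarantine-and-challenge flow described above, and the first shortcoming (automated senders that use a new address for every message), can be seen in a small Python model. This is an added example, not code from Heluna or from any greylisting product; the class name, addresses and hostnames are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ChallengeFilter:
    """Toy model: quarantine mail from unknown senders, challenge them,
    release the held mail once the challenge is answered."""
    approved: set = field(default_factory=set)        # (sender, origin server)
    quarantine: dict = field(default_factory=dict)    # key -> held messages
    challenges_sent: list = field(default_factory=list)

    def receive(self, sender, origin, body):
        key = (sender.lower(), origin.lower())
        if key in self.approved:
            return "delivered"
        if key not in self.quarantine:
            self.challenges_sent.append(sender)       # one challenge per new key
        self.quarantine.setdefault(key, []).append(body)
        return "quarantined"

    def answer_challenge(self, sender, origin):
        key = (sender.lower(), origin.lower())
        self.approved.add(key)
        return self.quarantine.pop(key, [])           # messages now released


def simulate():
    f = ChallengeFilter()
    r = {}
    # A person answers the challenge once; later mail is delivered directly.
    r["human_first"] = f.receive("alice@example.org", "mx.example.org", "hi")
    r["released"] = f.answer_challenge("alice@example.org", "mx.example.org")
    r["human_second"] = f.receive("alice@example.org", "mx.example.org", "re: hi")
    # An approved address arriving from a different server is challenged again.
    r["forged"] = f.receive("alice@example.org", "mx.other.invalid", "offer")
    # Automated sender with a fresh address per message: nobody ever answers,
    # every notice triggers a new challenge, and every notice stays held.
    r["bulk"] = [f.receive(f"notice-{n}@notify.example.com",
                           "out.notify.example.com", f"auction update {n}")
                 for n in range(3)]
    r["challenges"] = len(f.challenges_sent)
    r["stuck"] = sum(len(held) for held in f.quarantine.values())
    return r


if __name__ == "__main__":
    print(simulate())
```

Each of the three automated notices produces its own challenge and none is ever released, which is the lost auction notice scenario from the first point.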

We’re keeping an eye on how greylisting is evolving, but for now, the Heluna service performs extremely well without greylisting.

 
