|
|
|
Home >
Help Files >
Email >
Greylisting
GreylistingModified from TAMU Greylisting FAQ
How is DECF implementing greylisting?Since this is a new technology, DECF will like to implement greylisting in several phases. Though our plan may change depending on user input/feedback and any problems that arise. Please revist this page for revised implementation schedule. Greylisting statistics
Updated 9/22/05 We will solicit beta testers who would like to try greylisting. Greylisting will be in effect for these users on 1 of our 2 spam scanning machines. Since incoming email could be routed through either machine, not all SPAM will be subjected to greylisting. Greylisting in effect on both scanner machines for users in Phase #1 Greylisting in effect for both scanner machines for following users: Greylisting will be in effect on an opt-out basis for the following email addresses. Greylisting in effect on both scanner machines for additional domains served by DECF. Domains to be determined and added on a week by week basis.user@mechatro2.me.berkeley.edu user@newton.me.berkeley.edu user@maxwell.berkeley.edu Greylisting put into production for the following domains:me.berkeley.edu (2/11/06, server #1) me.berkeley.edu (2/18/06, server #2) queue.ieor.berkeley.edu (2/18/06, server #2) queue.ieor.berkeley.edu (2/25/06, server #1) ieor.berkele..edu (2/25/06, server #2) ce.berkeley.edu (2/25/06, server #2) ieor.berkeley.edu (3/4/06, server #1) ce.berkeley.edu (3/4/06, server #1) newton.berkeley.edu (3/4/06, server #2) newton.berkeley.edu (3/11/06, server #1) everyone else (3/18/06, server #1 & #2)All other servers (3/10/06) What is greylisting?Greylisting is related to whitelisting and blacklisting. It is a new way for reducing SPAM. Many universities (UCSD, UC Irvine, Virginia Tech, Texas AMU, Cal Poly, to name a few) are now implementing greylisting and it appears that that there is a substantial reduction of SPAM, sometimes as high as 75%. Since more than 50% of our incoming messages are SPAM, this is a substantial reduction.Can I opt out?Yes. Simply send an email to consult@newton.berkeley.edu with the subject line "Greylisting Opt-out".How does greylisting work?Three pieces of information are collected for each incoming email.
The filter will always reject mail temporarily on a first attempt, then accept it after 5 minute has elapsed. Once the message has been accepted, any future message with matching information is delivered, no further delays will be imposed for 4 days.This, in the short run, means that all greylisted mail gets delayed at least until the sender tries again. If the message does not get redelivered by the remote host, then it's added to the greylist database and all future emails with the same triplet will be denied for 1 day. Greylisting works by assuming that, unlike properly configured mail servers, spam engines will not retry sending their junk mail on a temporary error. Why does greylisting work?According to the internet specification, when a mail server receives a "400-level" error, it must queue the e-mail message and try later to deliver it. For legitimate e-mail, this process is standard and mandatory. Properly configured mail servers will redeliver their messages appropriately and greylisting should not represent a delivery challenge to them. Because SPAMmers send hundreds of thousands of e-mails per day to addresses they do not know to be working, they generate a large number of bounced messages. Acknowledging server responses for these messages, storing the messages on a server for some period of time, and redelivering them again represents for SPAMmers a resource-intensive process that might very well not return sales of their products or services. As a result, they intentionally misconfigure their mail servers. By requiring that every incoming e-mail message to the University originate from a properly configured mail server, most SPAM is filtered. Note: Some SPAMmers have started to configure their servers according to specifications, and therefore some SPAM may continue to enter the University, but at a dramatically reduced rate. Will I see a dramatic decrease in spam?Maybe. It all depends on where your spam is coming from. Greylisting is being used to reject mail from spammer mail servers. However, a lot of our users forward email from other campus accounts. Since campus email servers are usually legitimate email servers, if these servers are forwarding spam to us, there's no way we can reject these.Will my e-mail to be delayed?Emails put on a "whitelist" will not be delayed. These hosts include all emails that originate from all UC Berkeley network, and known servers that do have problems with greylisting (hotmail.com, amazon.com, aol.com, to name a few). E-mail affected by greylisting will be delayed a minimum of 5 minutes . This is the delay interval required by the SMTP servers in order to prevent immediate redelivery by already-connected SPAM servers. The message may be redelivered without challenge by the servers for up to 4 days. After that time, the original record of the message is destroyed and the challenge/redelivery process must begin again. Internet specifications suggest that messages temporarily refused be redelivered within 4 hours, and most servers are configured to retry in far less time - often on the order of 5 minutes. The specific delay will depend on the configuration of the sender's e-mail servers If the e-mail message is not received within a few hours:
Is it possible for my email to get lost?No. The email will either be delivered to it's final destination, or will be bounced back to the person who sent it originally. If the email gets returned to the sender. They may resend it manually. This will also complete the triplet and allow future emails to be successful. If an email that was supposed to go to you is bounced back to the sender, please email consult@newton.berkeley.edu to request a whitelisting of the sender.What are the limitations and problems with greylistingThere are mail servers which do not retry delivery, do not retry soon enough, retry too soon then give up, and some which just ignore the temp fail (451) message we sent and try to deliver the message anyway. Others misinterpret the 451 error and return a fatal delivery error to the sender. All such mail servers are improperly configured (not in keeping with internet standards) and they will have to be fixed by their owners to prevent further communication difficulty. Luckily there are few such mail servers. There are also ISPs and such that use pooled outbound relays, these retry mail from a set of IP addresses, so the "try" and "retry" may well originate from separate systems. They will get through eventually, but we whitelist any that we can find out about so that they won't be delayed.Should I worry about the privacy of my e-mail because of greylisting?No. There are many reasons to assume that unencrypted e-mail is not private, but greylisting is not one of them. The SMTP servers only record information that is used to deliver every e-mail message, and this information is captured before the content of the e-mail is received. However, e-mail is delivered across a vast network of servers on the internet, any of which can potentially capture and copy the data passing through them. You might never have an indication that your e-mail is being read in cases like these. There is no reason to assume that all - or even many - e-mail messages are being read in this way by malicious internet hosts. If privacy is a concern, there are several simple encryption methods that you can use to protect your e-mail messages. HDC is documenting several of these and this page will be updated with a link to those instructions as soon as they are available. Where can I find more technical information about greylisting?There are several resources available to get more information about greylisting. Here are some: |
|
© |