Monday, August 29, 2011

Gray Listing Spam Blockers

Large e-mail service providers, such as Gmail, have the ability to crowd-source identifying spam since they have millions of users which results in few false positives. But, what do you use if you're a small time e-mail service provider?

A poor-man's technique to stop spam is called gray listing.

Here's one implementation of how it works...

If the gray listing e-mail service provider hasn't received any e-mails from the sender recently (say, within the last two weeks) they will tell the sender's mail server to try again later. This isn't a problem since the e-mail protocol (SMTP) is designed to keep trying for a couple days before giving up.

As long as the sending mail server waits a small amount of time (say, ten minutes) before trying again, then the e-mail will go through on the second attempt. If the sender has recently sent an e-mail to the recipient's e-mail address then the e-mail goes through on the first try since the sender's e-mail address is on the gray list. (The e-mail is black listed first, then it's white listed. Black + White = Gray)

Because of how this works, users sometimes notice the first two e-mails, sent from the same person (who hasn't sent an e-mail in the past two weeks) may be delivered out of order if the e-mails are sent within a few minutes of each other. (I've personally seen this happen, but it's rare.)

The reason that gray listing works so well is that spammers rarely configure their servers to try to deliver an e-mail more than once. If spammers did configure their e-mail servers to try multiple times then their spam servers would be overwhelmed.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.