Greylisting is Flawed

Greylisting is a technique used by some e-mail providers to reduce spam. The process behind it is quite simple: when an e-mail is received, notify the sending mail server that the e-mail needs to be resent (i.e. temporarily rejected), and once the second copy has been received let it pass through to the user's inbox. The theory is that spammers won't bother to resend the e-mail a second time while legitimate senders will.

All fine and dandy, right? Not so fast. The flaw with greylisting is that it assumes that legitimate e-mail senders will send a second copy when prompted to do so. The problem is that within just one week of using greylisting (which my e-mail provider recently activated) I've already discovered that e-mails from Google are not getting to me. In particular, news alerts that I configured and opted-in for are disappearing.

I've concluded this by conducting a multi-day experiment. When greylisting is on, no alerts. When greylisting is off, alerts resume. I flipped the switch on and off a few times over several days and the results were consistent every time. Why isn't Google playing along? I don't know. Perhaps it's because greylisting in effect doubles the processing and bandwidth required since every e-mail needs to be transmitted twice. There's probably a way for me to whitelist a bunch of senders, but that seems cumbersome and puts the onus on me to figure out who should be whitelisted. Thanks, but no.

If you're interested in learning more, you can check out Greylisting.org. The site isn't as deep as I'd like it to be, but it does have links to other articles that are as good a starting point as any. I'll be sticking with my current anti-spam solution which so far is successful at identifying spam around 95% of the time.