Greylisting is an interesting idea that comes from the world of mail servers. It’s a system used to combat SPAM that’s quite ingenious, and at least on my mail server, is 99% effective. It’s very effective at blocking SPAM for three reasons:
- The internet protocol used for sending mail (SMTP) is quite complex. Most spammers don’t have the time to write complete mail servers; instead they take shortcuts that cover the majority of cases.
- Spam is about turning computer time into money. Spammers send out millions of mails per day, so if you increase the cost (in time) of sending mail, then you make spamming less attractive.
- While both whitelisting and blacklisting require humans to maintain lists of good and bad servers, greylisting is completely automated. Since it’s automated, it’s easy to use.
The way greylisting works is by keeping a database of people sending mail to your server. For each mail it receives, it looks at three things:
- The person sending the mail
- The person receiving the mail
- The computer performing the delivery
If the server doesn’t already recognize all three of these properties, it responds with an error that tells the sender to try back a little bit later. Real email servers will try again shortly, usually in less than 15 minutes. A good number of spammers are stopped right here because their spam tools don’t handle this case. When the real server tries again, this time the mail will just pass right through and be delivered.
That’s it! That’s the magic of it all. For any mail coming from people that your users already know, there’s no wait; they don’t see any difference, and mail just keeps coming in. The first time someone sends a mail to your users, there will be a short wait, normally less than 15 minutes, and since mail isn’t guaranteed to be immediate, most people don’t notice the difference.
Now on top of greylisting, people often throw in tarpitting. In computing, a tarpit is a deliberate delay in the server’s responses, as if it were under a heavy load. When combined with greylisting, this means that each mail coming from a new source costs the sender a whole lot more in computer time. In the case of someone who will be sending you mails regularly, this one-time cost is quickly amortized, costing the sender nothing in the long run. Spammers, however, who depend on sending millions of unique mails, see this cost with each email they send, and so your server becomes an unattractive target.
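The triplet check and tarpit described above, as an added example (not the author’s Django app): an in-memory greylist keyed on sender, recipient and delivering host that answers a temporary SMTP error on first contact and accepts once the sender retries. The retry window, triplet lifetime and tarpit delay are assumed values chosen for the illustration.

```python
import time
from dataclasses import dataclass, field

RETRY_MIN = 5 * 60        # assumed: seconds a new triplet must wait before a retry counts
TRIPLET_TTL = 36 * 3600   # assumed: unverified triplets are forgotten after this long
TARPIT_SECS = 10          # assumed: extra delay charged to unknown senders

TEMPFAIL = "450 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Greylist:
    # triplet -> (first_seen, verified); in-memory stand-in for the database
    seen: dict = field(default_factory=dict)

    def check(self, sender, recipient, client_ip, now=None):
        """Return (smtp_reply, tarpit_delay_seconds) for one delivery attempt."""
        now = time.time() if now is None else now
        key = (sender.lower(), recipient.lower(), client_ip)
        entry = self.seen.get(key)
        if entry is None:
            # first contact: record the triplet and ask the sender to come back
            self.seen[key] = (now, False)
            return TEMPFAIL, TARPIT_SECS
        first_seen, verified = entry
        if verified:
            # known sender: no wait, mail passes straight through
            return ACCEPT, 0
        if now - first_seen > TRIPLET_TTL:
            # stale unverified triplet: treat it as a fresh first contact
            self.seen[key] = (now, False)
            return TEMPFAIL, TARPIT_SECS
        if now - first_seen < RETRY_MIN:
            # retried too quickly, as spam tools that hammer immediately do
            return TEMPFAIL, TARPIT_SECS
        # a real mail server waited and retried: verify the triplet
        self.seen[key] = (first_seen, True)
        return ACCEPT, 0


def demo():
    """Constructed sequence of attempts from one sender; returns the replies."""
    g = Greylist()
    t0 = 1_000_000.0
    attempts = [t0, t0 + 60, t0 + 600, t0 + 700]
    return [g.check("alice@example.org", "bob@example.net", "192.0.2.10", t)[0]
            for t in attempts]
```

The second attempt (60 seconds later) is still refused because it arrives inside the retry window; the third, ten minutes in, verifies the triplet and every later mail is accepted with no delay.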
How does this relate to comments, you may ask? Well, I’ve written a greylisting/tarpitting Django app for this and patched the code for this blog to use it. For now, you can download it here: http://douglas.mayle.org/files/greylist.tgz
If you’d like the patch to enable this for your byteflow blog, it’s available at Byteflow Trac Ticket #93