Greylisting

What Is Greylisting?

Greylisting is a spam filtering technique where a mail server temporarily rejects email from an unknown sending combination — specifically, an unknown combination of sending IP address, sender address, and recipient address. The server returns a 4xx temporary failure code (not a permanent 5xx rejection), effectively telling the sending server: "I don't recognize you yet; try again later." Legitimate mail servers are designed to retry delivery on 4xx responses. Spam botnets typically don't bother retrying.

How Greylisting Works

When a greylist-enabled server receives an email for the first time from an unfamiliar IP-sender-recipient triplet, it records the triplet and returns a 451 or 450 temporary rejection. If the sending server retries after a short waiting period (typically 5–15 minutes), the triplet is added to a whitelist and the message is accepted. Future messages from the same triplet pass through without delay. The key insight is that real mail servers always retry; spambots usually don't.

Impact on Email Verification

Greylisting is one reason email verification sometimes returns "unknown" results. When a verification service probes a greylist-protected server, the server may return a temporary deferral rather than a definitive accept or reject. A naive verifier might record this as "invalid" — creating a false negative for a real, functioning address. Sophisticated verification platforms like EmailVerify.io handle greylisting by incorporating retry logic and interpreting 4xx responses as "unknown/unverifiable" rather than "invalid."

Impact on Email Campaigns

For most bulk email senders, greylisting at the recipient level is transparent — your ESP's mail servers automatically retry deferred messages. The email may arrive minutes or hours later than expected, but it arrives. For very time-sensitive emails (authentication codes, meeting notifications), the delay introduced by greylisting can be problematic. This is one reason why operational/transactional email often uses dedicated IP infrastructure optimized for fast delivery.

Greylisting Effectiveness

Greylisting was highly effective against spam in the early 2000s when it was widely deployed. Modern spam operations have largely adapted — many now use legitimate mail infrastructure or implement retry logic specifically to defeat greylisting. As a standalone defense, greylisting is less powerful than it once was. Most mail servers that use greylisting combine it with other filtering techniques (reputation lookups, content analysis, authentication checks) for a layered defense.

Distinguishing Greylisting From Blacklisting

If your email is greylisted, delivery is merely deferred — it will typically succeed on retry. If your IP is blacklisted, messages may be permanently rejected (5xx). The error code tells you which situation you're in: 4xx means temporary, 5xx means permanent. Monitor your ESP's delivery logs for patterns of 4xx deferrals from specific domains — persistent greylisting of your IP by many servers can be a signal of reputation issues developing.