Stopping the flood of spam – now!
NSG has added a new filtering technique to our mail system software. It is called greylisting and it can drastically reduce the amount of junk mail that reaches your inbox. This filter is currently turned off by default, but if you are interested in finding out more information, please read below for details and instructions for turning it on.
Winning the battle against Spam
(How to get less junk email)
The NSG Email system has offered advanced junk mail and virus filtering to business customers for years. As you probably are aware, we regularly update our mail system software to use the latest techniques in order to keep the amount of junk mail you receive to a minimum, and also to limit the number of false-positives (legitimate messages flagged as spam).
Even though we work diligently to keep the amount of junk mail to a minimum, the spammers are also working behind the scenes, doing their best to come up with different ways to get around the various filters that we put in place. Of course this just doesn’t affect us – it affects everyone with an email address. It is a constant battle, and we are continuing to work hard to come up with new and innovative ways to reduce or eliminate the number of junk emails in your inbox.
Get Less Spam Starting Today!
NSG is proud to announce the latest addition to our Email system – greylisting.
What is greylisting? Greylisting is a technique for dramatically reducing the amount of spam that you receive in your inbox. Traditional spam filters look at messages that you have already received, and compares them to a set of rules to determine if a message qualifies as spam. Typically these rules look at the text, subject, who the message was from, and many other pieces of information. Basically a traditional filter assumes that each message is “innocent until proven guilty.”
Greylisting, on the other hand, assumes that all messages are guilty until proven otherwise. Each time a message arrives at the mail server, the server reviews who the message is to and who the message is from. If the system doesn’t remember seeing a previous message with the exact same to and from addresses, then it returns a “temporary failure” to the mail server that was sending the message and rejects the message. If it does recall seeing a previous message then it accepts the message for delivery, and then runs it through the traditional spam filtering system.
How does this help? It is really quite simple. The vast majority of legitimate mail servers will automatically try to send any rejected messages again. The second time the message is received the greylist server will see that in its history file (it remembers things for up to 2 months), assume it is legit, and pass it on through. What makes the system work is that most spammers typically don’t try to resend messages that are rejected – instead they just assume your email address is bad and move on.
A slight delay means no spam today!
Anyone who sends you email on a regular basis (at least once every 2 months) will be listed in your greylist and will not be rejected by the filter. Your greylist is built and maintained automatically by the system based on who has sent you mail recently.
What happens when someone sends you an email and they aren’t in your greylist (either because this is the first time they have sent you an email, or because they haven’t sent you an email in a long time)? The initial message that they send will be rejected with a “temporary failure” message. The server that was sending the message (assuming it is a legitimate email server) should automatically retry to send that message after a time out period. Typically this timeout is anywhere from a few minutes up to a few hours. The next time that message is received it will be passed on through.
So in exchange for a slight delay in receiving messages from people who don’t send you email very often, you will likely see a dramatic decrease in the amount of junk mail that you receive. Remember, the people most likely to be caught by the filter will be one of the following:
- Someone sending you an email for the first time
- Someone who hasn’t sent you an email within the last 2 months.
Spammers typically don’t retry to send messages when they receive a failure message. Just about everyone else does. That is how the system works. Messages from people sending you an email for the first time (or the first time for a long time) will be delayed slightly (a few minutes up to a few hours) but should otherwise eventually be delivered.
Whitelisting your Greylist
By default, the only people that will be in your greylist will be people who have sent you more than one message within the past two months. However, you should keep in mind that any authenticated user on the same server that sends you an email will not be subject to the greylist filter. What this boils down to is that other people in your company won’t be run through the greylist filter (assuming that they have a similar email address to yours), because they are sending mail through the same server and are providing a valid username and password (something that a spammer won’t be able to do).
If you really need to, you can also whitelist email addresses from your customers or other contacts. Simply login to your email options page and add the desired addresses to the list. People who are on your whitelist will NOT be subjected to the greylist filtering system. Even if you don’t add people to your whitelist you will still be able to receive email from them. However there might be a slight delay the first time they try to send you a message. The whitelist is one way to avoid such delays.
No delays for me, thanks.
What happens if you are you are in a situation where you absolutely can’t live with the slight delays that might be introduced to first time / occasional emailers by the grey listing system? You have a couple of choices:
- Don’t use greylisting! It is currently disabled by default. If you want to use it then you need to turn it on through your email options page. If you can’t live with the potential delays (small as they may be) then don’t use greylisting. However, by not using greylisting your account will be likely to receive far more junk mail than otherwise.
- Use your whitelist. If you have a list of a few critical clients, then simply add them to your whitelist so mail from them will not be subject to the greylisting filter.
Some Automated Emails might be affected
While greylisting is a great way to drastically reduce or eliminate junk mail from your inbox, it can introduce slight delays in receiving messages from people who have not sent you messages within the past 2 months. One such example of this would be if you order something from Amazon.com, or use an automated password recovery tool on a website to email you a new password. Unless you have received other such messages from the same source in the recent past, these messages might be delayed.
Here are some suggestions to help you deal with this:
- If you are expecting an email from someone who you don’t think will be in the recent history of your greylist, then you can add their address to your whitelist.
- Have patience. Remember, most legitimate email servers will automatically retry after a brief timeout.
- You can use your email options page to disable greylisting (either temporarily or permanently) until you receive the expected message(s).
- Maybe one of the reasons you have been getting so much spam in the first place is because you keep giving out your primary email address to every company and website that asks for it. It might be worth considering setting up a secondary email account with a free service (such as Google or Yahoo). Whenever anyone asks you for your email address, and you aren’t 100% certain that you want them to have it, use your secondary email address. That way you avoid getting your main address on spam lists in the first place.
Ultimately, the choice of whether or not to use greylisting is up to you. It is currently enabled by default on all accounts. However, you can change disable it if you prefer, but keep in mind that Greylisting is extremely effective at reducing or eliminating junk mail from your inbox.
You can enable or disable greylisting by logging in to your email options page, located here:
From there click on "Manage Junk Filter Settings."
From that screen you will need to scroll down to the section called "Greylisting (Advanced Junk filtering)". That section will contain a link to allow you to enable/disable greylisting for your account.
If you decide to give greylisting a try, you should be aware of the following things:
- Do NOT do a wildcard whitelist for your entire domain. For instance, if your email address is firstname.lastname@example.org, do NOT whitelist *@example.com as that will largely defeat the benefits of greylisting by giving spammers a clear path to your inbox. Remember that other people at your domain should be sending email via authenticated SMTP which gives them a free pass through the spam filter. The only thing that whitelisting your entire domain does is give spammers a free pass as well.
- Make sure you enable greylisting for all of your email aliases! For instance, if your email address is email@example.com but you also have an alias for firstname.lastname@example.org that forwards to your main account, you should also enable greylisting for the alias. If you don’t, then you might still receive a lot of junk mail via your alias.