Blacklisting/Greytrapping & Whitelisting

Blacklisting & Whitelisting to bypass greylisting delays

Blacklisting
and greytrapping

Introduction

This feature though called blacklisting also stands for whitelisting. But there is a reason for calling it only blacklisting. It is only when you blacklist known sources of spam or when that happens automatically that the greytrapping occurs and we punish spam senders instead of allowing them to send mail to our mail servers.

The blacklisted mail source IP addresses are never allowed to communicate with the real mail server and by employing a firewall rule inside SpamCheetah these mischief mongers are permanently held in a loop of rejections, rejections and still more rejections.

This can be a necessary component of greylisting but this can also be used independently to look at the world as black and white and no grey, nothing in between. So no mail delays, only stop some blacklisted hosts, allow all other senders not known to be bad to talk to mail server.

This configuration is done in this screen as shown below. And you can simply slide the toggle and you can verify this in dashboard as well as in licensing page if the current mode is blacklist only.

Setup  Blacklisting

In addition to being effective at not only fighting spam but also at reducing spam sent to other targets by squeezing their resources this serves as a good safety net for us. If more and more mail sites run this then spammers will be really affected.

How does greytrapping work?

To properly understand greytrapping or blacklisting we must first know a thing or two about reputation of mail servers.

Mail servers are often found in RBLs or other such blacklist sources and are known to be sending spam worldwide. This is often updated dynamically and several API services tell you the same.

Blacklisting is leveraging this information to further hurt spammers and not allow them to communicate with your mail server since in any case they are not going to do you any good.

The entire idea hinges on the fact that this list that the RBL database furnishes is dynamically updated and accounts for churn in which new IP addresses show up and old ones that mend their behaviors are removed.

This video will help you understand stuttering. In case of blacklisted IP addresses their communication is always rejected like this.

Stuttering video

Can you drop legitimate mails?

Since the RBL databases are often very accurate as millions of sites worldwide rely on it, the accuracy of blacklist IP sources can be treated as above question/suspicion.

However nothing is ever perfect and in an imperfect world mistakes do happen but SMTP being what it is, eventually the mail does get delivered.

So chances of you missing a mail due to blacklisting is very minor if at all. In case there is a problem there are ways to address them.

How often are spammers updated?

The RBL lists are updated based on the source of RBL information. SpamCheetah queries the database for each connection, so in our case the information is as current as they can get.

After the query the IP address is held in a cache in case the RBL is clear for the IP address. This helps speed things up with a risk that future blacklisting of this IP address is not detected quickly.

You can manually blacklist any IP address using the web interface of SpamCheetah. See the screenshot below for more information.

Blacklisting and greytrapping

Whitelisting

Whitelisting is the reverse of blacklisting as must be obvious from the English meaning. Whitelisting an IP address makes SpamCheetah bypass greylisting and makes the IP address talk to the real mail server instantly and mail delivery is instant.

Whitelisting is very nice in which if you manually enter any number of good known mail senders SpamCheetah bypasses greylisting entirely for them and implicit trust is established. But if you go wrong then you may get spam.

Here is a screen from the SpamCheetah web interface where you can edit whitelist entries.

Whitelisting
Blacklisting is a method to hurt spammers that prevents them from ever getting past SpamCheetah.They will never be able to get in touch with real mail server. Whitelisting is the reverse in which you talk to the real mail server instantly.

Blacklisting is a feature to never allow known spam sources from talking to our mail server.

You can manually intervene and SpamCheetah's web interface allows you to blacklist or whitelist IP addresses directly but if you get it wrong you may get spam or lose legitimate mail. You can mostly identify the sending IP address from the Received header at top of mail in expanded header view in most mail clients.

In general however it is best to let SpamCheetah take care of this dirty job for you. There is nothing to configure in most cases and you have either the Blacklist only mode or Greylisting modewhere this matters. Screenshot to guide where in web interface to configure this. It is in the greylisting menu on left side, first tab.

Greylist
menu

If you click at the slide toggle for blacklist only mode then greylisting does not happen, so no delays. But known spam senders are hurt and never allowed to talk to mail server.

There are several knobs in configuring SpamCheetah. So what suits your environment you can discover as and when you glean experience with the product. Moreover SpamCheetah needs time to learn your network as well and for the greylisting and whitelisting databases to settle down.

What about whitelisting?

Whitelisting is the ability to not make the mail sender suffer pangs of greylisting or delays to make it deliver mail straight to us. This is very effective in case of known good sources of legitimate mail. Usually the entire spf range of known cloud providers, big companies like Gmail, hotmail, yahoo are in the whitelist. But you can also add them and greylisting leads to plenty of hosts being added to this as well. But thought blacklisting is usually permanent whitelisting is not.

The Internet world is in a constant state of flux with several new domain coming into existence, and spammers are constantly tweaking their algorithms and strategies, they lose old assets, acquire new ones. So the whitelisted entries are typically valid for 864 hours or 36 days. But SpamCheetah maintains other whitelists that are not arrived at through greylisting, those are permanent.

For a host to survive greylisting is not big deal if it is a genuine player and abides by SMTP standards and protocols. One of the most important features that many will miss unless sound at networking is that this feature of blacklisting actually saves bandwidth. By not allowing RBL listed or bad hosts from talking to mail servers or allowing them to deliver mail and by deliberately stuttering their responses sending one character per second or still slower we are wasting their time just like they waste our network resources sending out spam mails.

Most of the spam mails contain content that are selling some kind of private organ enhancement or some Nigerian widow scam or some bank transfer scam or some such. A small proportion could be phishing in which they want to steal money from you without your knowledge.

But if your greed or cooperation is used and then you get siphoned off that is the usual category of spam. Their text is often poorly constructed, perhaps deliberately filled with spelling errors, they fail HTML tag verification checks.

To be able to avoid such annoyances from reaching your inbox using blacklisting is a boon indeed no?

Blacklisting

Duration: 3:29 min
Related pages