Greylisting of Messages to Unknown Recipients

In order to improve the efficiency of our service, we will be making a change to the default handling for messages sent to unknown recipients.

As background, there are currently three options for handling an inbound message sent to an email address that is not known to our service:

1)  block the message and generate an NDR (bounce message) to the sender
2)  accept the message but then silently delete it
3)  pass the message through, without spam or virus filtering, to the customer mail server

We strongly recommend the first option.  This is the best protection against spam runs and denial of service attacks, and guarantees that all messages received by the GFI service will be filtered before being delivered to the customer.  The second option provides similar defense, with the disadvantage that no bounce message is generated in the event a message is “legitimately” sent to an incorrect email address (such as a typo on the part of the sender).

In cases where our service is unaware of all of the valid email addresses for a domain, an administrator may choose the “pass through unfiltered” option.  This option requires our service to connect to the customer’s mail server to determine whether or not the recipient address for a given message is valid.  Our service will then accept and deliver that message, depending on the response from the customer mail server.  This represents a potential vulnerability: a spam run at sufficient scale could tax the resources available on the customer mail server to validate addresses, and our service must also allocate resources to solicit and wait for those responses.

As a first step towards addressing this, effective beginning Thursday, January 10, our service will automatically greylist messages sent to unknown addresses for domains with the pass-through unfiltered option.

The advantage of this change is that it will safely block up to 50% of spam messages for those mailboxes, while also making our service more efficient.  However, customers who have not provided their email addresses to the service and are using the pass-through option will experience the initial greylisting delay for messages from new senders.

Thousands of customers already have greylisting in effect for known recipient addresses and this change will have no impact on those domains.

The updated default handling for messages to unknown addresses will also have no impact on customers who follow the recommended approach – which is to ensure that the valid email addresses for a domain are known to our service, and to configure our service to block all messages to unknown (and therefore bogus) recipient addresses.
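The decision flow described above can be sketched as follows. This is an added example, not the service's own code: the triplet key, the 300-second retry window, the SMTP reply codes and all names are assumptions chosen for illustration.

```python
import time

# Assumed value: how long a new (client, sender, recipient) triplet is deferred.
GREYLIST_DELAY = 300

# The three unknown-recipient options listed in the announcement.
BLOCK, DISCARD, PASS_THROUGH = "block", "discard", "pass"


class InboundFilter:
    """Hypothetical model of one domain's unknown-recipient handling."""

    def __init__(self, policy, known_recipients, clock=time.time):
        self.policy = policy
        self.known = {r.lower() for r in known_recipients}
        self.first_seen = {}  # triplet -> time of first delivery attempt
        self.clock = clock    # injectable so the delay can be tested offline

    def rcpt_to(self, client_ip, mail_from, rcpt):
        """Return (smtp_code, action) for a single RCPT TO command."""
        rcpt = rcpt.lower()
        if rcpt in self.known:
            # Known address: normal filtered delivery, unchanged by this notice.
            return 250, "filter-and-deliver"
        if self.policy == BLOCK:
            # Option 1: refuse the recipient so the sender gets a bounce.
            return 550, "reject"
        if self.policy == DISCARD:
            # Option 2: accept, then drop without notifying anyone.
            return 250, "discard"
        # Option 3 (pass-through): greylist first, so the customer mail server
        # is only asked to validate the address for senders that retry.
        key = (client_ip, mail_from.lower(), rcpt)
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return 451, "greylisted"  # temporary failure; a real MTA retries
        return 250, "verify-with-customer-server"
```

A sender that never retries after the temporary failure never reaches the address-validation step, which is where the load on the customer mail server is saved.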

This change is also being made as a first step towards the implementation of an optional automatic addition of email addresses to the service, based on legitimate inbound and/or outbound mail flow.  More details regarding the auto-addition of email addresses to the service will be provided as that feature comes closer to fruition.

If you have any questions, please do not hesitate to contact our support team.

Thanks for your attention.
