FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
GabrielAuYong_FTNT
Description

This article provides an explanation of greylisting.


Scope

All FortiMail


Solution
Greylist scanning blocks spam based on the behavior of the sending server, rather than the content of the messages. When receiving an email from an unknown server, the FortiMail unit will temporarily reject the message. If the mail is legitimate, the originating server will try to send it again later (RFC 2821), at which time the FortiMail unit will accept it. Spammers will typically abandon further delivery attempts in order to maximize spam throughput.

Advantages of greylisting include:
Greylisting is low-maintenance, and does not require the manual maintenance of IP address lists, black lists or white lists, or word lists. The FortiMail unit automatically obtains and maintains the required information.
 
Spam blocked by greylisting never undergoes other antispam scans. This can save significant amounts of processing and storage resources. For this reason, enabling greylisting can improve FortiMail performance.
 
Even if a spammer adapts to greylisting by retrying to send spam, the greylist delay period can allow time for FortiGuard Antispam and DNSBL servers to discover and blacklist the spam source. By the time that the spammer finally succeeds in sending the email, other antispam scans are more likely to recognize it as spam.

Contributors