You may have read our recent blog on blacklisting, but do you know what greylisting is?

Greylisting (like blacklisting) is a popular technique for blocking spam emails. Blacklisting relies heavily on automated computer programs that programmatically analyse email traffic, to determine the probability of messages being spammy. These programs/bots aren’t perfect and can make mistakes, tagging legitimate content as SPAM. In the event of a legitimate email being marked as SPAM, these bots rarely retry to send the email.

This is where greylisting differs from blacklisting. In greylisting, if the originating server is legitimate but the email has been rejected due to some error, it will attempt to resend the email after some delay rather than rejecting the mail altogether.

In this way, an advantage of greylisting is that there is a considerably lower false positive rate when compared to blacklisting, meaning it is much less likely to block legitimate emails.

However, emails from a new (and unrecognised) sender could be delayed for a long period of time. In extreme cases, the delay could be up to two hours. However, after the email from this new sender has been accepted, all future sends will go through immediately.

How does it work?
When learning about greylisting, it’s common to hear the phrase “triplet”. This phrase refers to the three components greylisting uses to identify a sender-recipient pair. These three components are:

  1. The sender email address
  2. The recipient email address
  3. The connecting IP address

In greylisting, email communications coming from a never-before-seen triplet will be initially rejected with a temporary error code given by the receiving server. The receiving server will store a collection of these new triplets for some time. How long they are stored for is configurable by you.

If this new triplet retries to send the email (as greylisting is enabled), the receiving server will accept it on this new attempt as it now recognises it from its store. In the future, if this triplet sends an email again, it will be accepted straight away. However, if the triplet attempts to retry the send after is has “expired” from the receiving servers store, the mail will be delayed again.

Let’s take a look at an example of greylisting in action:

  1. A SPAM bot ( sends an email to using the IP
  2. The email is rejected with a temporary error code.
  3. The bot does not try to resend the email after receiving the error code and instead goes on to try and send the SPAM to another recipient.
  4. A legitimate sender ( sends an email to using the IP
  5. Initially, the email is rejected as it is from a new triplet and is not recognised. The triplet is added to the store of new triplets identified.
  6. The sending server will then try and resend the email after a configurable amount of time as it is a legitimate email.
  7. The email is then accepted on this second time as the server recognises the new triplet from its store.

You can find more information on email delivery here.

We hope you found this blog informative. If you need help with your email marketing, please get in touch with us at or call our office and speak with one of our friendly reps on + 44 (0) 208 863 5334.