Greylisting Announcement
Cal Poly implements an additional form of anti-spam technology called greylisting.
Daily e-mail volume has increased over 85% since winter quarter. And currently, 52% of incoming messages are identified as spam and marked as cpSPAM. This high volume of spam email is bombarding our infrastructure and threatening ITS service levels beyond what we've already seen this academic year. In response to this problem, the university is implementing greylisting in an effort to uphold the integrity of the campus electronic messaging environment, as described in the campus Responsible Use Policy.
For more information, call the Service Desk at 756-7000.
How Does Greylisting Work?
Greylisting blocks spam messages at the SMTP protocol layer-before any filtering techniques are employed. It works by keeping a database of recognized "triplets." A triplet is the combination of an email's sending server's IP address, sender's email address, and recipient's email address.
The first time a new triplet is noted on an incoming email, the email connection is broken and the sending server is asked to try sending the message again. This is a normal process for email servers based on Internet standards. When the Internet email server retries sending the message, the triplet is matched with the original email and the message is delivered after being processed by existing Cal Poly anti-virus and anti-spam systems. The triplet is stored in the greylisting database and thereby marked as valid for future emails.
Greylisting is effective because most bulk email programs transmitting spam never attempt to retry sending the message. They are focused on sending email-not on following email protocol.
Will Greylisting Cause Email Delays?
Greylisting will not cause email sent from Cal Poly severs to be delayed. However, while the database of acceptable addresses is built up, there will be an initial delay for email coming from the Internet. This delay depends upon the sending email server's configuration. The wait will be at least 5 minutes, but may be longer. We are setting user expectations for anywhere between 30 minutes and 24 hours. If a sending email server does not retry sending an email, the message will eventually be bounced to the sender as undeliverable.
For non-Cal Poly emails, each new triplet's delay time will vary according to the configuration of the sending email server. Every Request for Comment (RFC) 821- compliant email server is designed to retry sending mail when an email server is unavailable. The retry time depends on the sending email server's software, administrator settings, and other network-related issues. Most servers retry within 30 minutes. However, there are sites that do not retry-they are running a non-RFC compliant email server-and some sites that take up to 24 hours to retry.
If you suspect an email has been delayed due to greylisting, you can ask the sender to resend the message. The second time the email is sent, the server will recognize the triplet and the email will pass the greylisting test.
How Can I Make Sure I Receive All My Email?
If you are concerned about a specific email server you receive mail from, you may request that a domain be added to the greylisting exceptions list. You may also request a specific Cal Poly email address be removed from the greylisting process. This will allow that email address to receive all email messages-including spam-and is not advised.
To request these modifications, call the ITS Service Desk at 756-7000.
