What is Greylisting?
Greylisting is an anti-spam technique in which a receiving mail server temporarily refuses a message from a sender it has not seen before. The sender is told to try again later, and once it does, the message is accepted. The idea is that legitimate mail servers retry automatically while many spam systems never do.
Definition
Greylisting is a spam-filtering method applied by a mail transfer agent, the software that receives email on behalf of a domain. When a message arrives from a sender the receiving server does not recognize, the server does not accept the message and does not reject it outright. Instead it issues a temporary rejection and effectively says, please call back later.
The name captures the logic. A blocklist is a hard no and an allowlist is a hard yes, so greylisting sits in between as a deliberate maybe. The receiving server withholds judgment on the first contact and waits to see what the sender does next. A well-behaved sender retries, as the email standards require, and earns acceptance. A sender that abandons the message after one failed attempt never gets through.
Greylisting works because of an asymmetry in how senders behave. Properly configured mail servers treat a temporary failure as a normal event and queue the message for another attempt, because transient problems are common in email. Many bulk spam operations, by contrast, are built for one-shot delivery at high speed and do not maintain a retry queue, so a temporary rejection is enough to make that spam disappear. Greylisting turns a basic requirement of the email protocol into a low-cost filter.
How It Works
When a message arrives, the greylisting server records three pieces of information, commonly called the triplet: the IP address of the sending server, the sender's email address, and the recipient's email address. It checks whether it has seen this exact triplet before. If it has not, the server responds with a temporary failure using a 4xx SMTP reply code, frequently a 451, which under the email standard means try again later rather than give up. The specific code and wording vary by mail server software.
The sending server now has a choice. A legitimate server treats the 4xx response as a transient error, keeps the message in its outbound queue, and schedules a retry. The email standards specify a retry interval of at least thirty minutes and a give-up time of several days, but real implementations differ widely. Sendmail retries after about fifteen minutes, Postfix after roughly sixteen and a half minutes, and Microsoft Exchange follows its own schedule. When the retry arrives and enough time has passed, the server sees a familiar triplet and accepts the message. Many greylisting systems then add the triplet, or the sending IP, to an automatic allowlist so future mail is delivered without delay.
To reduce false rejections, modern greylisting is more forgiving than the strict triplet model. Large senders deliver from pools of servers, so a retry can legitimately come from a different IP than the first attempt. To handle this, many systems treat addresses in the same network block as equivalent, or use the sender's SPF record to recognize an entire authorized sending pool, so a retry from any server in that pool counts as the same sender.
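The decision logic described in this section, as an added example that is not taken from any mail server or from VeriMails: an in-memory greylist keyed on the triplet, with the sending IP widened to its network block and an automatic allowlist after a successful retry. The delay and lifetime values, reply texts, and sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy values for this sketch, not taken from any product.
MIN_DELAY = 300          # seconds a new triplet must wait before a retry counts
PENDING_TTL = 4 * 3600   # how long an unretried first attempt is remembered
ALLOW_TTL = 30 * 86400   # lifetime of an automatic allowlist entry
DEFER = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.1.5 Ok"


class Greylist:
    def __init__(self):
        self.pending = {}   # triplet -> time of first attempt
        self.allowed = {}   # triplet -> allowlist expiry time

    @staticmethod
    def triplet(client_ip, mail_from, rcpt_to):
        ip = ipaddress.ip_address(client_ip)
        # Relaxed matching: a retry from the same /24 (IPv4) or /64 (IPv6) counts.
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        key = self.triplet(client_ip, mail_from, rcpt_to)
        if self.allowed.get(key, 0) > now:
            self.allowed[key] = now + ALLOW_TTL      # refresh on use
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > PENDING_TTL:
            self.pending[key] = now                  # first contact (or stale entry)
            return DEFER
        if now - first < MIN_DELAY:
            return DEFER                             # retried too quickly
        del self.pending[key]
        self.allowed[key] = now + ALLOW_TTL          # retry proved a real queue
        return ACCEPT


def demo():
    g, t0 = Greylist(), 1_000_000                    # constructed addresses and times
    env = ("a@example.org", "b@example.net")
    return [
        g.check("192.0.2.10", *env, t0),             # first contact
        g.check("192.0.2.10", *env, t0 + 60),        # retry too soon
        g.check("192.0.2.77", *env, t0 + 960),       # retry from same /24 after delay
        g.check("192.0.2.10", *env, t0 + 2000),      # allowlisted
        g.check("198.51.100.5", *env, t0 + 2000),    # different network: new triplet
    ]
```

A strict-triplet policy would defer the third attempt, because the retry came from a different address in the sending pool.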
Why It Matters for Email Deliverability
For most senders, greylisting is a delay rather than a barrier. A reputable email platform retries correctly, so a greylisted message simply arrives a little later, typically around fifteen minutes after the first attempt. The trade-off receiving servers accept is a modest delay on first contact in exchange for filtering a meaningful share of low-effort spam before it ever reaches a mailbox.
The delay does become a real problem for time-sensitive mail. Password reset links, one-time verification codes, and order confirmations are often expected within seconds, and a fifteen-minute greylisting delay can cause a reset link to expire or a customer to assume the message is lost and try again. Greylisting can also misfire when a sending pool is poorly configured, when retries come from servers outside the recognized network range, or when a domain's multiple MX servers apply inconsistent greylisting policies, so a retry hits a different server with no memory of the first attempt.
Greylisting also matters for anyone verifying email addresses, and this is where it intersects with list quality. When a verification service opens an SMTP connection to a greylisting server for the first time, it can receive a 4xx temporary rejection before the server has confirmed whether the mailbox exists. The server has neither accepted nor denied the address, so a single attempt cannot produce a definitive valid or invalid result. A verifier that does not account for greylisting may simply mark the address as unknown, which is why handling greylisting properly is part of accurate verification rather than an edge case.
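How a verifier can keep a temporary deferral separate from a definitive answer, as an added example that is not VeriMails code: it parses the reply to `RCPT TO` (including multi-line replies) and reduces the replies from successive attempts to one outcome. The function names, outcome labels, and sample replies are assumptions constructed for illustration.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
ENHANCED = re.compile(r"^[245]\.\d{1,3}\.\d{1,3}\b")   # e.g. 4.7.1, 5.1.1


def parse_reply(raw):
    """Parse a possibly multi-line SMTP reply into (code, enhanced_code, text)."""
    code, texts = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed within one reply")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) == " ":          # "451 " ends the reply, "451-" continues it
            break
    if code is None:
        raise ValueError("empty reply")
    enhanced = ENHANCED.match(texts[0])
    return int(code), (enhanced.group(0) if enhanced else None), " ".join(texts)


def classify_rcpt(raw):
    code, _, _ = parse_reply(raw)
    if 200 <= code < 300:
        return "accepted"   # server took the recipient (may still be a catch-all)
    if 400 <= code < 500:
        return "deferred"   # greylisting lands here: no statement about the mailbox
    if 500 <= code < 600:
        return "rejected"   # permanent failure
    raise ValueError(f"unexpected reply code {code}")


def verdict(replies):
    """Reduce the RCPT TO replies from successive attempts to a single outcome."""
    for raw in replies:
        outcome = classify_rcpt(raw)
        if outcome != "deferred":
            return outcome              # first definitive answer wins
    return "unknown"                    # only deferrals seen: a retry is still needed
```

For the retry to match the server's stored triplet, it has to reuse the same sending IP and envelope addresses and arrive after the server's minimum delay.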
How VeriMails Handles It
VeriMails is built to recognize greylisting during the SMTP stage of verification rather than be defeated by it. When VeriMails performs its live SMTP handshake against a recipient mail server and receives a 4xx temporary rejection consistent with greylisting, it does not treat that single response as a final answer. The verification logic distinguishes a temporary deferral from a permanent rejection, so a greylisting server is not mistaken for a dead mailbox.
This handling is one reason VeriMails returns clearer results when a server applies greylisting. The aim is a dependable result (valid, invalid, catch-all, or another defined status) rather than a vague unknown. Greylisting is just one of several real-world server behaviors VeriMails accounts for so that its results reflect genuine deliverability instead of the quirks of a particular mail server. VeriMails reports clear deliverability signals and does not assign vague numeric scores.
You can run verification through the VeriMails REST API for real-time checks or upload a CSV for bulk verification of an entire list. Verifying your addresses before a send means greylisting only ever delays mail to recipients who were genuinely deliverable in the first place, instead of compounding the problem on a list full of invalid addresses. Verification starts at $0.0019 per email, with 10,000 credits for $19, and subscription plans begin at $15 per month. Every new account includes 100 free credits with no credit card required, and those credits never expire.