Computing Facilities    links to the SCS and CMU home pages Carnegie Mellon School of Computer Science Carnegie Mellon University
 
Advanced search tips 
 Documentation
 » Introduction to Facilities 
 » Accounts & passwords 
 » AFS 
 » Application software 
 » AV help 
 » Backups & restores 
 » Calendaring 
 » E-mail 
 » Networking 
 » Printing 
 » Purchasing 
 » Resource management 
 » Security 
 » Software licensing 
 » Support charges 
 » Web publishing 
 » Your health 
 » Mac support 
 » Linux support 
 » Windows PC support 

Corvid — cmuScsFullGreyListing Attribute

Also Known As

Implemented internally in LDAP by the cmuScsFullGreyListing attribute, this feature is also known as:
  • GreyListing Flag
  • Grey Listing Flag
  • Gray Listing Flag
  • Full Grey Listing Flag
  • Full Gray Listing Flag
The convoluted attribute name distinguishes the currently implemented strong form of greylisting from potential, weaker forms that might later emerge as, say "pale gray listing."

Description

Grey listing, in general, is a technique used to reduce the amount of spam reaching a user's mailboxes. When a user's cmuScsFullGreyListing attribute is set to TRUE, email from an unfamiliar site with an unfamiliar envelope from address will fail for a brief interval.

The attribute can take one of three values:

  • TRUE - Greylisting is enabled for this account
  • FALSE - Greylisting is not enabled for this account
  • Not Set - Greylisting is not enabled for this account

The email transfer protocol is quite specific in allowing temporary or transient failures. A transient error might occur if the system is running low on free disk space, or is temporarily overloaded with email to deliver. When a reputable sending agent tries to deliver email and recieves a temporary ailure, it will normally:

  • Try other ways to deliver the email, and if that fails ...
  • ... try again at a later time, typically within 5 to 30 minutes
  • If after several days of trying, the agent still cannot deliver the mail, it returns the message to the sender

The premise of Greylisting is that normal and reputable email transfer agents behave reasonably: They will retry upon receiving a temporary failure. Greylisting takes advantage of this retry capability and forces the mail system to return a temporary failure for email patterns that have no established reputation.

The key observation is that spammers are not reasonable. Indeed, spammers focus much more on quantity than on quality of delivery. They will often not retry sending email after an initial temporary failure response.

Once a "reputation" is established, after the initial failure delay, subsequent emails can usually be handled with no further delay. A reputation incorporates:

  • The sender's IP Address
  • The sender's envelope email address
  • The recipient's envelope email address
These three items, along with the time of the email requests, are all that the receiving server stores about an attempt. When Greylisting is enabled, the attempt to send an email is temporarily failed the first time the above triplet is encountered. Subsequent tries for the next few minutes are also temporarily failed. Then for the next few days, all email requests that match the above triplet will be normally accepted. After a few days, the record of that triplet is obsolete, and is no longer considered when deciding whether to temporarily delay or grey list emails.

The system retains no local copy of delayed email, and the message is GreyListed before its content is received. Thus, there is no way to retrieve the content, headers, or subject matter of delayed email.

Example

Harry Bovik's cmuScsFullGreyListing attribute has a value of TRUE, which setting will reduce the spam arriving in Harry's email. But this reduction comes at the expense that some, but not all, of Harry's email is slightly delayed.

Limitations

This field is not required. If an account does not have the cmuScsFullGreyListing attribute set, it is the same as having it set to FALSE: No Greylisting will occur, and incoming mail will be delivered as usual.

If the value of the cmuScsFullGreyListing attribute is set to TRUE, Greylisting is enabled for that account.

How To Change

You can view or modify the value of this attribute via the SCS Corvid lookup page. Contact the SCS HelpDesk, <help+@cs.cmu.edu> or x8-4231, with any questions or problems.