Skip to the content of the web site.

Email

Enhancing UW Mail Service with greylisting

Greylisting is a spam reduction technique that challenges the email sender by enforcing a slight delay in email delivery. This technique was implemented on the IST departmental server on February 15, 2005. Reported volumes of spam reaching mailboxes has been significantly reduced by this measure. The following outlines a plan to deliver this technology to other users on campus via the mailservices cluster.

The mailservices cluster provides a number of campus email services. Email addressed to userid@uwaterloo.ca is first processed by the cluster and then redirected to the preferred campus email server of the individual recipient. Email destined for a selected list of campus email servers (currently at least watserv1, admmail, artsmail and jubilation) is redirected by MX record to the mailservices cluster.

  1. Test mode implementation
    The initial implementation greylisting on mailservices took place on April 25th. This"test mode" identifies the individual users who are subjected to greylisting. Another term would be "opt-in". This implementation has enabled the mailservices team to evaluate the software both in a Linux implementation and in a clustered environment before everyone is affected.

  2. Add IST staff to test implementation
    To expand the testing of greylisting on the cluster, all IST staff were "opted-in" - we like to subject IST staff to changes before they are introduced into the broader community. This was done on April 28.

  3. Invite and encourage academic support staff to test implementation
    Academic-support staff at UW primarily use the admmail server. The mailservices cluster handles that mail delivery via MX implementation. The test period offered "opt-in" to individuals or groups in the academic support units. This was done on April 28.

  4. Configuration in test implementation
    The configuration for mailservices cluster has been based on experience with the IST implementation. The items of interest are:
    • Do not delay any mail from UW networks or localhost
    • Do not delay any mail from wlu.ca or fw.manulife.com. Earlier testing showed long (or non-existent) retry periods from these servers.
    • Set the time of delay to 5 minutes. In practice the delay time is dependent on the retry time implemented at the remote host.
    • Set the autowhitelist time to 8 days. This is the period of time that an external sender will be remembered as legitimate after the first delay/success combination. The intent is that if the recipient gets regular weekly email from an external source the system will remember to pass it through without delay.

  5. Announcements to campus community
    With the success of the test implementation, support for greylisting on the mail services cluster was announced for implemenation on May 25.

  6. Implementing server whitelisting
    The greylisting technique can be bypassed for known non-spammers using server whitelisting. Based on the experience of IST and the Library, we expect few requests for the whitelisting of external servers. IST implemented just three (wlu,ca, manulife.ca, cisco.com) and received no feedback to add others to the list. The Library implemented server whitelisting for all Ontario universities plus other selected email servers. The mailservices team will monitor the system logs to see if there are some external servers that should be whitelisted. One potential set of servers are the major ISPs that serve the local market, including Rogers, Sympatico and Golden. Users can suggest servers to whitelist using the traditional method of contacting IST for service (i.e. the request system and phone calls).

  7. Implementing recipient opt-out
    While we believe that most people will enjoy the benefits of reduced spam using greylisting, some will not want the median 30 minute delay in the receipt of email from off campus. To opt-out of the greylisting service, simply send your request to request@rt. Opt-out lists will be updated daily.