Why is my outbound email being greylisted?

What is Greylisting?

Greylisting is used to prevent bulk e-mailers and SPAM bots from having their outbound email delivered. Greylisting is a temporary rejection of the message that forces the sending agent to resend the message at a later time. Legitimate senders will attempt a retry on the message later while bots and spammers normally will not. Typically, greylisting occurs more often on new IP addresses or mail systems that send low volume. Some ISPs will also increase greylisting when there is a problem with your server's IP configuration or your IP address has a low sender reputation.

 

IP Configuration

The IP address settings page in Hurricane Server MTA MUST have a Fully Qualified Domain Name (FQDN) that resolves to that IP, plus a reverse DNS entry for that IP that resolves to the same FQDN. If this is not set up correctly, you will typically see error messages in the defer log that look like this:

451 No Reverse DNS for XXX.XXX.XXX.XXX

This type of misconfiguration is detected by many ISPs and will cause your outbound mail to get greylisted or to fail completely.

 

Sender Reputation

Sender reputation is how the major email providers rate an IP address based on its sending history. This is usually determined by the bounce rate, the number of spam trap hits, user complaints, and the volume of outbound mail. One of the problems that most senders have with the sender reputation system is that your reputation starts off low until you prove yourself based on the volume of outbound email in relation to the amount of SPAM traps hits, complaints, and unknown recipient  attempts. If your sender reputation is low, when an ISP then detects a large amount of messages coming from your IP, it's going to apply rate-limiting and increase greylisting because it's not sure if you are a legitimate sender.

 

Troubleshooting

You must first check your configuration and make sure your IP addresses are set up correctly. If you find yourself being heavily greylisted, you should scan through the account level defer logs and read the error messages coming back from the server. Most of them will contain a URL that explains the sending policies for that ISP. If you continue to have problems sending to them after following their suggestions, they will normally have a form you can fill out, and if you're lucky, someone will get back to you.

 

Hurricane MTA Server settings

Hurricane Server also has some built-in features that help with greylisting. Under the Account->Deferrals page there is a check box that's called Optimized Greylisting. What this will do is auto-detect greylisting and retry the outbound message in a shorter amount of time than the standard deferrals. In addition to this, delivery rules can be set up for specific ISP domains with which you are having problems.

If your reputation is low, some ISPs will rate-limit your IP address. When this happens you will see error message such as:

421 The mail server IP connecting to server has exceeded the rate limit allowed on this connection.

The delivery rules will allow you to adjust how many outbound messages are sent per hour. It is recommended that you start with something low like 30 per minute and then adjust it from there once your reputation has increased.