Deliverability

Graylisting

Definition

Graylisting (also spelled greylisting) is an anti-spam technique where a receiving server temporarily rejects mail from a sender it has never seen, returning a 4xx reply that asks it to try again later. It bets on a simple difference: legitimate mail servers retry after a temporary failure, while a lot of bulk spam software never bothers. The standard is described in RFC 6647.

Temporarily defers mail from unknown senders, then accepts it on retry
Keyed on a triplet: sending IP, envelope sender, and recipient
Works because spam tools rarely retry but real mail servers always do
Adds a one-time delay to the first message between two parties

At a glance

Also spelled Greylisting

Described in RFC 6647 (2012)

Keyed on IP + envelope sender + recipient (triplet)

SMTP reply 4xx (often 451 or 421)

First-send cost A delay of minutes to hours

Bypasses Allowlisted or previously-seen senders

How graylisting works

When a message arrives, the graylisting server records a triplet: the sending IP address, the envelope sender, and the recipient. If it has never seen that exact combination before, it returns a temporary 4xx reply (commonly 451 or 421) and closes the connection without accepting the message. It does not reject the mail; it simply says “not yet.”

A properly built mail server treats that 4xx as a soft bounce, queues the message, and retries after a delay. When the retry arrives and the triplet has aged past a short minimum (often just a few minutes), the server accepts it and usually records the triplet so future mail between those two parties passes straight through. The whole mechanism rests on the fact that legitimate senders retry and most high-volume spam tools, optimised for throughput, do not.

Why it catches spam

RFC 6647 calls graylisting “cheap and early” because it acts at the very start of the SMTP conversation, before the message body is even transferred, and costs almost nothing to run. Its effectiveness comes from an asymmetry in how the two sides behave.

Much spam is sent by “spamware” that implements only a stripped-down version of SMTP and is built for raw volume. When such software hits a temporary failure it does not retry; it simply moves on to the next address in its list, because in spamming, volume counts for far more than reliable delivery to any one mailbox. A standards-compliant mail server, by contrast, is required to retry. Graylisting turns that single behavioural difference into a filter, which is why RFC 6647 notes it “surprisingly remains useful” despite being a very old idea.

The cost: delayed mail

Graylisting’s downside is latency on the first message between any two correspondents. A genuine email from a sender the server has never seen is deferred until the sending server retries, which can be anywhere from a couple of minutes to, in some configurations, an hour or more. For time-sensitive mail such as password resets, one-time codes, and order confirmations, that delay can be a real problem. Once the triplet is known, subsequent mail is unaffected.

From a sender’s point of view, graylisting is normal and not a reputation hit, as long as your server retries. The practical risks are a sending platform that gives up too soon instead of retrying, and a rotating pool of IPs where each new address is a fresh, never-seen triplet that gets deferred again. To reduce friction, many receivers now allowlist senders with a strong reputation or valid authentication so their mail skips the delay entirely.

The graylisting retry flow

A sender delivers mail for the first time

The receiver checks the triplet: IP + sender + recipient

Seen before: accept New triplet: defer

A new triplet gets a temporary 4xx reply and is deferred

A real mail server queues the message and retries after a delay

Spamware: never retries, gives up Legit server: retries

On retry the triplet has aged, so the message is accepted

Graylisting vs blacklisting

	Graylisting	Blacklisting
Action	Temporarily defers unknown senders	Outright blocks listed senders
Based on	Whether a triplet has been seen	Known bad IPs or domains
Default stance	Suspicious until a retry proves real	Trusted unless explicitly listed
Effect on you	A one-time delay	A hard rejection until delisted
Reverse via	Retrying (automatic)	A delisting request

By the numbers

4xx

The transient reply class graylisting uses to defer an unknown sender so a real server retries.

Elements in the graylisting triplet: sending IP, envelope sender, and recipient address.

RFC 6647

The IETF applicability statement that documents how email graylisting works and when to use it.

Common mistakes

Using a sender that does not retry

Graylisting only works for you if your platform treats the 4xx as a soft bounce and retries. A tool that gives up on the first deferral will silently fail to deliver to graylisting receivers.

Rotating IPs so every send is “new”

Each fresh sending IP is an unseen triplet that gets deferred again. A constantly rotating pool keeps re-triggering graylisting instead of building a known history.

Mistaking a graylist defer for a block

A 451 or 421 from graylisting is temporary and clears on retry. Treating it as a permanent failure and suppressing the address throws away a recipient who would have received the mail minutes later.

Frequently asked questions

What is graylisting in email?

Graylisting (or greylisting) is an anti-spam method where a receiving server temporarily refuses mail from a sender it has not seen before, returning a 4xx reply that asks it to try again later. Legitimate mail servers retry and get through; a lot of spam software never retries, so it is filtered out. It is documented in RFC 6647.

Why is my email being delayed by graylisting?

Because it is the first message your server has sent to that recipient from that IP, so the receiver deferred it to see whether you would retry like a real mail server. The delay lasts from the moment of the first attempt until your server retries past the receiver’s minimum age, often a few minutes but sometimes longer. Once the triplet is known, later mail is not delayed.

How is graylisting different from blacklisting?

Graylisting temporarily defers senders it has never seen and accepts them as soon as they retry, costing only a one-time delay. Blacklisting outright blocks senders that appear on a list of known bad IPs or domains, and the mail stays rejected until you get delisted. One is a wait-and-see filter; the other is a hard block.

Sources & further reading

RFC 6647 · Email Greylisting: An Applicability Statement for SMTP RFC 5321 · SMTP, including transient 4yz reply handling and retries

Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← Back to glossary