Greylisting is not an anti-spam filter itself. More specifically, greylisting takes advantage of a required behavior by the RFCs that some anti-spam products use to greatly reduce the amount of spam received.

In the majority of the cases, when a "spam bot" computer is used to send spam, it will do so by sending huge amounts of emails in the fastest way possible. If a recipient's SMTP server does not respond, chances are that the spam bot will ignore such server and move on.

Luckily this behavior by spammers is in direct violation of the RFCs that dictate how email works. The RFCs require that, if an initial attempt to deliver an email fails, the sender must retry to send it.

Greylisting takes advantage of this by initially denying every connection attempt from an IP address. Only after a certain, small amount of time is the remote IP allowed to connect. If the sender is a spam bot, it is very likely that said IP will never retry to connect again, and so it will not even try to send spam. If the sender is a legitimate server, they will be following the RFC guidelines, and within a few minutes they will retry sending the email, which will be then delivered.

SpamFilter ISP v4 and higher support greylisting, and we at LogSat Software have made some changes in the implementation of this method to reduce the amount of delays that occur when a server connects for the first time to SpamFilter.