Free Email Verifier

What is email greylisting?

· 4 min read

Email greylisting is an anti-spam technique where a receiving mail server temporarily rejects a message from an unknown sender with a 'try again later' response. Legitimate servers retry within minutes and the mail gets through. Spammers usually do not retry, so the message never arrives.

How does email greylisting work?

When a new sender tries to deliver mail, the server records three things: the sender IP, the envelope from address, and the recipient. It replies with a temporary 4xx error. The sending server should retry after a delay. On the second attempt, the server recognizes the triplet and accepts the message.

The trick is timing. The delay is usually short, from a few minutes to an hour. Spam tools blast a list once and move on. They rarely queue and retry. Legitimate mail servers, from Google to a small business relay, always retry on a 4xx code because the SMTP spec requires it. So greylisting filters out a chunk of low-effort spam with almost no cost to real senders.

Why do mail servers use greylisting?

Greylisting is cheap and effective. It blocks bulk spam that never retries, without maintaining a huge blocklist or running heavy content scans. A receiving server stops an unknown sender once, waits for proof of a retry, and only then lets the message in. Real senders pass. Many throwaway spam bots do not.

There is a cost, though. Greylisting adds latency. The first message to a new contact can be delayed by minutes. For password resets and one-time codes, that delay is a real problem, which is why fewer providers greylist aggressively today. Many now use it selectively, only for senders with a poor or unknown reputation.

How long does greylisting last?

Usually not long. Most greylisting windows range from a few minutes to about an hour. Once a sender passes the retry test, the server remembers the triplet and stops deferring future mail from that pairing, often for days or weeks. So the delay hits only the first message, not every send.

That memory is why greylisting rarely hurts ongoing email relationships. Your first cold email to a new domain might sit in the queue for a bit. Your follow-ups usually sail through. It is the initial contact, and the verification probe, that get caught.

Why does greylisting show up as an Unknown verdict?

Email verification checks a mailbox by opening an SMTP conversation with the receiving server. If that server greylists the probe, it returns a temporary 4xx code instead of a clear yes or no. The verifier cannot confirm the mailbox exists yet, so it reports Unknown rather than guess Deliverable or Invalid.

A good verifier does not treat a 4xx like a 5xx. A 5xx means the mailbox is gone, which is Invalid. A 4xx means try later, which is Unknown. Here is how the common SMTP responses map to verdicts.

SMTP responseMeaningVerifier verdict
250 OKMailbox acceptedDeliverable
450 / 451 / 421Temporary deferral, retry laterUnknown (often greylisting)
550 / 551 / 553Mailbox does not existInvalid
Accept-all responseServer accepts every addressRisky (catch-all)

When you see a batch of Unknown results clustered around one or two domains, greylisting is the usual cause. The mailbox is probably fine. The receiving server just refused to answer on the first knock.

The Free Email Verifier flags these as Unknown, not Invalid, precisely so you do not delete a good address over a temporary deferral.

How is greylisting different from a bounce?

A bounce is permanent. The server says the mailbox does not exist or refuses the mail outright, and it will not change on retry. Greylisting is temporary. The server defers the message on purpose and expects a second attempt. One is a dead end. The other is a short pause.

This distinction matters for your list hygiene. Do not delete an address just because a single verification came back Unknown. A hard bounce, a 5xx, is a real signal to suppress the address. A greylisting deferral is not. Re-check those addresses later, and most will resolve to Deliverable.

Check your list right now, free

10 checks a day with no signup. 100 a day with just your email.

Verify emails free

How do you handle greylisting when verifying a list?

Wait and retry. Because greylisting clears on the second attempt, the fix is to re-verify Unknown addresses after a short delay. A good verifier retries automatically. If you export a list yourself, run the Unknown segment again an hour later before you make any keep-or-drop decisions.

  1. Run the full list once and note every Unknown verdict.
  2. Group the Unknowns by domain. A cluster on one domain points to greylisting, not bad addresses.
  3. Wait at least 15 to 60 minutes so the receiving server clears its greylist window.
  4. Re-verify only the Unknown segment to save quota.
  5. Treat anything still Unknown after two or three passes as low confidence, and send to it carefully or not at all.

For sending, warm your domain and keep volume steady. Greylisting hits new or bursty senders hardest. A consistent sending pattern, a clean SPF record, and aligned DKIM signing help receiving servers trust you faster, so they stop deferring your mail. If you self-host, make sure your outbound server actually retries on 4xx codes. A misconfigured relay that gives up after one attempt will look like a delivery failure when the mail was only greylisted.

Does greylisting still matter in 2026?

Yes, but less than it once did. Fewer large providers greylist by default because the delay hurts transactional mail. Smaller mail servers, self-hosted domains, and some business filters still use it. So you will keep seeing occasional Unknown verdicts from greylisting, mostly on niche or self-managed domains.

The takeaway: greylisting is a feature, not a failure. It slows spam and, as a side effect, produces a small share of Unknown results during verification. Understand the 4xx signal, retry patiently, and you will get an accurate read on your list without dropping perfectly good contacts.