[purkka]

Greylisting is great until it delays your email login/signup verification codes for 20 minutes. Especially if they expire in 15.

I guess this only shows how email is used for entirely orthogonal purposes now.

[dijit]

I have an auto-whitelist if my greylisting has been handled properly, which means that, the first signup email is indeed invalid, but the second works.

On rare occasions I get frustrated by this, and I'm forced to login via ssh and manually permit a greylisted address through - though normally I am not so time sensitive. My greylisting is only 5 minutes.

[nulbyte]

I tend to despise senders that believe email is always an effective real-time channel. Delays happen for all sorts of reasons, ranging from massive outages to scanning incoming emails for spam or malware (my corporate email is sloooow).

Greylisting has been so effective for my personal email, I don't mind waiting a bit on the rare occasion (by now, most senders are already recognized). And on the rare occasion I get spam, it's been cathartic, adding a rule to reject the sender with a quippy SMTP eerror. It's also been easy enough just to forward it to abuse@google.com, because it's almost always from Gmail.

[spc476]

Unless you whitelist the notification email, which I've has to do a few times.

[jasode]

Whitelisting doesn't work if one doesn't know the email domain name the service will use.

An Amazon verification email will be sent from "account-update@amazon.com". It's intuitive to predict "@amazon.com" so whitelisting works.

However, State Farm Insurance login verification codes are actually sent from "noreply@sfauthentication.com" instead of the "@statefarm.com"