January 3, 2026

OTP vs Greylist: Inbox Thunderdome

Article URL →HN comments →

Why 451 Is Good for You – Greylisting Perspectives from the Early Noughties

Old email rules vs instant codes — and the comments bite

TLDR: An old post defends email “greylisting”—a temporary try-again message—to call out a vendor whose mailer didn’t retry and lost paid license emails. Commenters split: standards say retry, but greylisting slows one-time codes; the debate feels dated yet still matters for reliability and user experience.

A dusty 2010 email meltdown just got resurrected: a software vendor used sketchy mail tools, didn’t retry after a temporary “try again” message, and customers waited on pricey license keys that never arrived. The author says this 451 is a good delay—part of “greylisting,” a spam-fighting move that nudges legit senders to retry. Cue the comments: captn3m0 pulls the fire alarm—this is SMTP 451 (email) not HTTP 451 (legal blocks), while readers crack Fahrenheit 451 jokes. One more nerd note: RFC 5321, the Internet’s email rulebook, says proper mailers should queue and retry. Kwpolska fires back: calling blocked legit mail “good for you” is… not it.

The modern crowd storms in. purkka rages that greylisting is fine until your login code shows up 20 minutes late and dies after 15—welcome to 2025, where email isn’t just letters, it’s locks and keys. flomo rolls eyes: why re-litigate ancient drama when email’s untrusted and the original site morphed into an AI startup? The thread splits into two camps: “Fix your mail server like a grown-up” vs “Don’t punish users waiting for codes.” Memes fly—“451 shades of delay,” “OTP vs Greylist cage match”—and everyone agrees on one thing: the comments are the real show.

Key Points

  • A 2010 incident saw a software vendor fail to deliver paid license keys due to incompatibility with greylisting.
  • Hansteen’s spamd logs showed the sender opened two SMTP sessions within a second and then discarded the message.
  • RFC 2821 requires SMTP clients to queue undeliverable mail, delay retries (typically ≥30 minutes), and keep retrying for 4–5 days.
  • The vendor’s sending strategy assumed recipients would always be receptive and did not properly handle temporary failures.
  • The article underscores that reliable email delivery depends on senders honoring temporary failure signals and retrying later.

Hottest takes

"How is preventing delivery of legitimate email ... 'good for you'?" — Kwpolska
"Greylisting is great until it delays your email login/signup verification codes for 20 minutes" — purkka
"And he's still trying to re-litigate that?" — flomo

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.