If there is any doubt about an email received (incorrect SPF, listed IP, dubious domain, etc.) our infrastructure activates the anti-bombing or "grey zone":
The mail is first refused a first time (421 throttle: firsttry) by asking the sending server to come back later. A time validity window between 2 minutes and 1 hour is then opened:
- If the mail is received within 2 minutes, it will be rejected (421 throttle early)
- If the mail is repeated after one hour, it will be rejected (421 throttle late)
- If it shows up in the validity window, it will be passed on to our anti-spam engine
This grey area effectively blocks the vast majority of 0-day threats, as most SPAM servers either never show up or only show up once and too quickly.