Greylisting is a spam-defense method used by receiving mail servers that temporarily rejects a message from an unfamiliar sender the first time it arrives. The server issues a temporary 4xx deferral and records a triplet of the sender's IP, the envelope sender, and the recipient. It is essentially a test of whether the sender behaves like real mail infrastructure.
The technique works because legitimate mail servers, following the SMTP standard, will queue a deferred message and retry it after a short delay. Many spam-sending tools, by contrast, fire and forget — they do not bother retrying — so the message never arrives. When the legitimate sender retries after the greylisting window, the server accepts it and usually remembers the triplet so future mail passes immediately.
The main downside is delay. The first message from any new sender is postponed by minutes to sometimes an hour or more, depending on the retry schedule, which can be a problem for time-sensitive mail like password resets or one-time codes. After the initial acceptance, subsequent mail flows normally, so the delay is a one-time cost per sender.
For senders, greylisting registers as a soft bounce on the first attempt, and a properly configured system will simply retry and get through. Problems arise only when a sender fails to retry correctly or when misconfiguration causes the retry to come from a different IP than the first attempt, breaking the triplet match and prolonging the delay.