Greylisting and SPAM avoidance

Greylisting (check greylisting.org) is one of many anti-spam techniques in use all over the Internet today.

The basic premise is that when a new connection comes in and offers mail from a sender to a recipient, you check your database to see whether you have already seen that combination (a triplet of information: the client IP address in /24 notation, the envelope-from and the envelope-to). If you have seen it, decide whether to accept the message or continue with further checks. If you have not seen it, issue a temporary failure and get ready to close the connection.

This is very effective against virus-laden computers, because the virus's own mail engine does not retry after a temporary failure and so does not propagate well. Of course, a virus could run again and send another message later, which would then bypass the greylisting service.

Some greylisting servers, though, are smart about this kind of behaviour and remove entries that were never retried from the database more quickly than they would normally prune it.

In the case of a dial-up user, the network they are dialing in from may change between attempts, giving them an address in a different /24 and therefore a new triplet, so the greylisting service would again return a temporary failure.
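The triplet lookup, the temporary failure, and the faster pruning of never-retried entries described above, as an added example (not code from the original post or from any greylisting package). The "decision to accept" is implemented here as a minimum retry delay, and all timing values are assumed for illustration; the post gives none.

```python
import ipaddress
from dataclasses import dataclass

# Timing policy. The post gives no numbers; these are assumed, illustrative values.
MIN_RETRY_DELAY = 5 * 60            # retries sooner than this are still tempfailed
UNRETRIED_TTL = 4 * 60 * 60         # triplets that never retried are pruned quickly
CONFIRMED_TTL = 30 * 24 * 60 * 60   # triplets that did retry are kept much longer

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


def triplet(ip, env_from, env_to):
    """Key on the client's /24 network (as in the post) plus envelope sender and recipient."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return (str(net), env_from, env_to)


@dataclass
class Entry:
    first_seen: float        # when the triplet was first offered (and tempfailed)
    last_seen: float         # most recent attempt, used for pruning
    confirmed: bool = False  # True once a retry has been accepted


class Greylist:
    def __init__(self):
        self.db = {}  # triplet -> Entry; a real deployment would persist this

    def check(self, now, ip, env_from, env_to):
        """Return the SMTP reply to give for this connection attempt."""
        self.prune(now)
        key = triplet(ip, env_from, env_to)
        entry = self.db.get(key)
        if entry is None:                      # never seen: tempfail and remember it
            self.db[key] = Entry(first_seen=now, last_seen=now)
            return TEMPFAIL
        entry.last_seen = now
        if entry.confirmed or now - entry.first_seen >= MIN_RETRY_DELAY:
            entry.confirmed = True             # a real MTA retried: let it through
            return ACCEPT
        return TEMPFAIL                        # retried too fast: keep waiting

    def prune(self, now):
        """Expire entries; unretried ones go sooner, as the post describes."""
        stale = [k for k, e in self.db.items()
                 if now - e.last_seen >= (CONFIRMED_TTL if e.confirmed else UNRETRIED_TTL)]
        for k in stale:
            del self.db[k]
```

A client that moves to a different /24 between attempts (the dial-up case) produces a new triplet and is tempfailed again, which the first and last calls below illustrate.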

One posting I found on the ‘net talked about how greylisting is not all that useful as eventually the zombied machines will start retrying. I have been saying this for years since implementing greylisting on a largish ISP system back in 2002-2003, and yet it continues to be quite effective.

More than likely it is because the zombied systems are trying to pump and dump as much as possible, and having to requeue and retry wastes time and resources. Once enough resources are wasted, the end user is going to notice and clean their system, removing a zombie that the abuser wants to keep online.

Personally, while I still believe that greylisting will not last forever, it is quite effective at stopping spam and virus traffic with almost 0% false positives.