This is a list of email delivery attempts (e1 to e5) arranged in chronological order.
e1) An email is received from a sender who is not yet found on the greylist (“Listed? No.”). The Mail Transfer Agent rejects the email indicating that a technical error has occurred. The envelope data is recorded in the greylist.
e2) Later, another email is delivered from the same sender to the same recipient. Since the envelope data is already in the greylist, the email is delivered. In addition, the envelope data is entered in the whitelist.
e3) As of the last correspondence between Anne and Fred, the IP address of Anne’s SMTP server has changed. Previously, it was 192.0.2.3, and now it is 192.0.2.34. Anne is thus treated as an unknown sender and ends up on the greylist first.
e4) Later, Anne writes to Fred again. This time, the SMTP server is being used under the original IP address 192.0.2.3. Since this envelope data is already on the whitelist, Anne’s email is delivered immediately.
e5) A delivery attempt is made from a server under the IP address 192.0.2.66. Since this server is recorded on the blacklist as a known malicious server, the email’s delivery is rejected. It appears that the sender address anne@example.com has been spoofed.