Stopping spam before it reaches the filtering processes uses far fewer system resources.
This allows more layers of spam filtering or higher throughput, since greylisting can easily be configured as a first line of defense, with a heuristic filter such as SpamAssassin handling the messages that get through.
For example, a greylister can require a successful delivery attempt against a registered triplet to be no earlier than 25 minutes after registration and no later than 4 hours after it.
Repeated delivery attempts before the 25-minute period has elapsed will be ignored with the same 4xx reply code.
When the greylister sees an attempt within the 25-minute to 4-hour window, the connecting host will be whitelisted for 36 days.
After 4 hours the triplet expires, so delivery attempts will register anew.
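The timing rules in this example (25-minute minimum, 4-hour expiry, 36-day whitelist) can be expressed as a small decision function; this is an added Python example, not code from the original page. It assumes the triplet is (client IP, envelope sender, envelope recipient); the class and function names, the reply text and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 25 * 60               # retry accepted no earlier than 25 minutes
MAX_DELAY = 4 * 60 * 60           # triplet expires 4 hours after registration
WHITELIST_TTL = 36 * 24 * 3600    # a passing host is whitelisted for 36 days

TEMPFAIL = "451 4.7.1 Greylisted, try again later"  # constructed 4xx reply text
ACCEPT = "250 OK"

@dataclass
class Greylister:
    pending: dict = field(default_factory=dict)    # triplet -> registration time
    whitelist: dict = field(default_factory=dict)  # host IP -> whitelist expiry

    def check(self, ip, sender, recipient, now):
        """Return the SMTP reply for a delivery attempt at time `now` (seconds)."""
        if self.whitelist.get(ip, 0) > now:
            return ACCEPT                          # host passed greylisting earlier
        self.whitelist.pop(ip, None)               # drop an expired entry, if any
        triplet = (ip, sender, recipient)          # assumed triplet definition
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > MAX_DELAY:
            self.pending[triplet] = now            # unknown or expired: register anew
            return TEMPFAIL
        if now - first_seen < MIN_DELAY:
            return TEMPFAIL                        # too early: same 4xx, timer unchanged
        del self.pending[triplet]                  # retry landed inside the window
        self.whitelist[ip] = now + WHITELIST_TTL
        return ACCEPT

# Constructed sample traffic: (time in seconds, client IP, sender, recipient)
A = ("192.0.2.10", "a@example.org", "u@example.net")
B = ("198.51.100.7", "s@example.com", "u@example.net")
SAMPLE = [
    (0, *A),                  # first attempt: registered, deferred
    (100, *B),                # first attempt from another host: deferred
    (600, *A),                # retry after 10 minutes: still deferred
    (1800, *A),               # retry after 30 minutes: accepted, host whitelisted
    (2000, "192.0.2.10", "b@example.org", "u@example.net"),  # whitelisted host
    (18100, *B),              # retry after 5 hours: triplet expired, registers anew
    (19600, *B),              # exactly 25 minutes after re-registration: accepted
]

def replay(events):
    """Run events through a fresh greylister and return the reply codes."""
    g = Greylister()
    return [g.check(ip, s, r, t).split()[0] for t, ip, s, r in events]

if __name__ == "__main__":
    print(replay(SAMPLE))
```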
The main advantage from the users' point of view is that greylisting requires no additional configuration on their end.
Since the advent of greylisting, spammers have taken to rerunning their mail delivery tools to resend the same email, without having to expend resources queueing it.
However, this approach still requires them to expend additional resources sending the email a second time.
As of 2011, spammers have been using this technique for many years.
Delaying delivery also gives real-time blackhole lists and similar lists time to identify and flag the spam source.