Early talker detection: Difference between revisions

From ASRG

Latest revision as of 23:05, 12 August 2008

Anti-spam technique: Early talker detection
Date of first use: early 2000s
Effectiveness: High
Popularity: Medium
Difficulty of implementation: Easy
Where implemented: MTA
Harm: Low


The SMTP standards say that at the beginning of a connection, the server first sends a greeting message, after which the client sends the HELO or EHLO command. Sloppily written spamware often sends the HELO immediately without waiting for the greeting. If the server slightly delays the greeting, it can check to see if there's a premature HELO and drop the connection.
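The check described above, as an added Python sketch (not code from this page or from any MTA). The function names, the 2-second delay, the hostname, the port and the reply texts are assumed values chosen for illustration.

```python
import select
import socket

GREET_DELAY = 2.0  # seconds; assumed value, the page only says "slightly"
BANNER = b"220 mx.example.test ESMTP\r\n"  # constructed hostname
REJECT = b"554 5.5.1 Protocol error: command sent before greeting\r\n"  # constructed text


def greet(conn, delay=GREET_DELAY):
    """Hold the banner for `delay` seconds and watch for client input.

    Returns (accepted, early_bytes). A compliant client sends nothing
    until it has read the 220 line, so any readable data is premature.
    """
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        early = conn.recv(512)
        if early:
            conn.sendall(REJECT)  # early talker: refuse, caller drops it
        return False, early  # b"" means the peer hung up during the pause
    conn.sendall(BANNER)
    return True, b""


def serve(host="127.0.0.1", port=2525):
    """Accept loop (one client at a time, enough to show the check)."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            with conn:
                try:
                    ok, early = greet(conn)
                except OSError:
                    continue  # peer reset the connection mid-check
                if not ok:
                    print("dropped", peer[0], "early data:", early[:40])
                    continue
                # A real MTA would hand the socket to its SMTP state machine here.
                conn.sendall(b"421 4.3.0 demo server, closing\r\n")


if __name__ == "__main__":
    serve()
```

Because this loop handles one connection at a time, the pause delays every other client; a production server would run the wait per connection concurrently.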

Although there are reported to be occasional legitimate MTAs that don't wait for the banner, this technique is in general highly specific to spamware with very few false positives.

It's sometimes used in combination with Greet pause.