Timing and protocol defects: Difference between revisions

From ASRG
Jump to navigationJump to search
No edit summary
No edit summary
 
(2 intermediate revisions by one other user not shown)
Line 4: Line 4:
|popular=Medium
|popular=Medium
|effective=High
|effective=High
|Harm=Low
|harm=Low
|where=MTA
|where=MTA
}}
}}


SMTP requires that clients wait for a 2xx response to the HELO or EHLO command before proceeding.  One ant-spam technique, known as a ''premature pipeline check'', detects extra data in the input buffer prior to the server sending the HELO/EHLO response. If such data is found, the client has failed the test.  The server might then reject the message, close the connection, blacklist the client, etc.
SMTP requires that clients wait for a 2xx response to the HELO or EHLO command before proceeding.  One ant-spam technique, known as a ''premature pipeline check'' pr ''early talking', detects extra data in the input buffer prior to the server sending the HELO/EHLO response, or prior to any command if the server hasn't offered the PIPELINEING extension.
 
Other protocol defects include:
*Sending MAIL FROM without first sending HELO or EHLO
*Omitting the angle brackets required in MAIL FROM and RCPT TO
*Adding a space after the colon in MAIL FROM or RCPT TO
*Syntactically invalid HELO/EHLO name
 
If such data is found, the client has failed the test.  The server might then reject the message, close the connection, blacklist the client, etc.

Latest revision as of 08:08, 15 March 2008

Anti-spam technique: Timing and protocol defects
Date of first use:
Effectiveness: High
Popularity: Medium
Difficulty of implementation: Low
Where implemented: MTA
Harm: Low


SMTP requires that clients wait for a 2xx response to the HELO or EHLO command before proceeding. One ant-spam technique, known as a premature pipeline check pr early talking', detects extra data in the input buffer prior to the server sending the HELO/EHLO response, or prior to any command if the server hasn't offered the PIPELINEING extension.

Other protocol defects include:

  • Sending MAIL FROM without first sending HELO or EHLO
  • Omitting the angle brackets required in MAIL FROM and RCPT TO
  • Adding a space after the colon in MAIL FROM or RCPT TO
  • Syntactically invalid HELO/EHLO name

If such data is found, the client has failed the test. The server might then reject the message, close the connection, blacklist the client, etc.