Rate limits: Difference between revisions
From ASRG
Jump to navigationJump to search
(New page: {{ast |date=early 2000 |difficult=Low |popular=High |effective=Low |harm=Low |where=MTA }} The idea behind rate limit is that usually humans and legitimate mail servers send messages at s...) |
No edit summary |
||
| Line 7: | Line 7: | ||
|where=MTA | |where=MTA | ||
}} | }} | ||
Humans and legitimate mail servers usually send messages at a limited rate. Spam robots can, sometimes, send bursts of messages. An SMTP server can count the number of connections per client over some time window and reject connections, with a temporary reply code, when a threshold is reached. Limits are usually applied to connections, messages or recipients. | |||
Nowadays, rate limiting effectiveness is too low to be considered as a real anti-spam measure, but it remains very effective against DoS and other abuses. It can suffer from false positives against legitimate bursty mail sources such as mailing lists. | |||
Nowadays, rate limiting effectiveness is too low to be considered as a real anti-spam measure, but it remains very effective against DoS and other abuses. | |||
Latest revision as of 17:11, 30 May 2009
| Anti-spam technique: Rate limits | |
|---|---|
| Date of first use: | early 2000 |
| Effectiveness: | Low |
| Popularity: | High |
| Difficulty of implementation: | Low |
| Where implemented: | MTA |
| Harm: | Low |
Humans and legitimate mail servers usually send messages at a limited rate. Spam robots can, sometimes, send bursts of messages. An SMTP server can count the number of connections per client over some time window and reject connections, with a temporary reply code, when a threshold is reached. Limits are usually applied to connections, messages or recipients.
Nowadays, rate limiting effectiveness is too low to be considered as a real anti-spam measure, but it remains very effective against DoS and other abuses. It can suffer from false positives against legitimate bursty mail sources such as mailing lists.
