Rate limits
From ASRG
Anti-spam technique: Rate limits | |
---|---|
Date of first use: | early 2000 |
Effectiveness: | Low |
Popularity: | High |
Difficulty of implementation: | Low |
Where implemented: | MTA |
Harm: | Low |
Humans and legitimate mail servers usually send messages at a limited rate. Spam robots can, sometimes, send bursts of messages. An SMTP server can count the number of connections per client over some time window and reject connections, with a temporary reply code, when a threshold is reached. Limits are usually applied to connections, messages or recipients.
Nowadays, rate limiting effectiveness is too low to be considered as a real anti-spam measure, but it remains very effective against DoS and other abuses. It can suffer from false positives against legitimate bursty mail sources such as mailing lists.