Early talker detection
From ASRG
Anti-spam technique: Early talker detection | |
---|---|
Date of first use: | early 2000s |
Effectiveness: | High |
Popularity: | Medium |
Difficulty of implementation: | Easy |
Where implemented: | MTA |
Harm: | Low |
The SMTP standards say that at the beginning of a connection, the server first sends a greeting message, after which the client sends the HELO or EHLO command. Sloppily written spamware often sends the HELO immediately without waiting for the greeting. If the server slightly delays the greeting, it can check to see if there's a premature HELO and drop the connection.
Although there are reported to be occasional legitimate MTAs that don't wait for the banner, this technique is in general highly specific to spamware, with very few false positives.
It's sometimes used in combination with Greet pause.
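
The check described above, as an added example (not code from ASRG or from any particular MTA): the server holds back its 220 banner and uses `select()` to see whether the client has already sent data. The function names, banner hostname, delay values and the in-process socket pairs standing in for SMTP clients are assumptions made for illustration.

```python
import select
import socket

GREETING = b"220 mx.example.test ESMTP\r\n"  # constructed hostname


def screen_connection(conn, delay=2.0):
    """Hold back the 220 banner for `delay` seconds and classify the client.

    Returns "early-talker" if the client sent bytes before the banner
    (connection dropped), "disconnected" if it hung up while waiting,
    or "greeted" if it stayed silent and was sent the banner.
    """
    # select() returns as soon as the socket is readable, so a premature
    # command is caught without waiting out the whole delay.
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        early = conn.recv(512)  # b"" means the peer closed the connection
        conn.close()
        return "early-talker" if early else "disconnected"
    conn.sendall(GREETING)
    return "greeted"


def demo(delay=0.2):
    """Run both client behaviours over in-process socket pairs (constructed input)."""
    results = {}
    # Client 1: sends HELO without waiting for the greeting.
    server, client = socket.socketpair()
    client.sendall(b"HELO bulk.example\r\n")
    results["premature HELO"] = screen_connection(server, delay)
    client.close()
    # Client 2: waits for the 220 banner as the SMTP standards require.
    server, client = socket.socketpair()
    results["waits for banner"] = screen_connection(server, delay)
    results["banner received"] = client.recv(64)
    server.close()
    client.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome!r}")
```

In an MTA the same call would run on each accepted connection before the banner is written; logging the verdict alongside the client address makes it possible to review the occasional legitimate sender that does not wait.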