Early talker detection: Difference between revisions

From ASRG
Jump to navigationJump to search
(New page: {{ast |date=early 2000s |difficult=Easy |popular=Medium |effective=High |where=MTA |harm=Low }} The SMTP standards say that at the beginning of a connection, the server first sends a gree...)
 
mNo edit summary
 
Line 10: Line 10:
The SMTP standards say that at the beginning of a connection, the server first sends a greeting message, after which the client sends the HELO or EHLO command.  Sloppily written spamware often sends the HELO immediately without waiting for the greeting.  If the server slightly delays the greeting, it can check to see if there's a premature HELO and drop the connection.
The SMTP standards say that at the beginning of a connection, the server first sends a greeting message, after which the client sends the HELO or EHLO command.  Sloppily written spamware often sends the HELO immediately without waiting for the greeting.  If the server slightly delays the greeting, it can check to see if there's a premature HELO and drop the connection.


Although there are reported to be occasional legitimate MTAs that don't wait for the banner, this techchnique is in general highly specific to spamware with very few false positives.
Although there are reported to be occasional legitimate MTAs that don't wait for the banner, this technique is in general highly specific to spamware with very few false positives.


It's sometimes used in combination with [[Greet pause]].
It's sometimes used in combination with [[Greet pause]].

Latest revision as of 00:05, 13 August 2008

Anti-spam technique: Early talker detection
Date of first use: early 2000s
Effectiveness: High
Popularity: Medium
Difficulty of implementation: Easy
Where implemented: MTA
Harm: Low


The SMTP standards say that at the beginning of a connection, the server first sends a greeting message, after which the client sends the HELO or EHLO command. Sloppily written spamware often sends the HELO immediately without waiting for the greeting. If the server slightly delays the greeting, it can check to see if there's a premature HELO and drop the connection.

Although there are reported to be occasional legitimate MTAs that don't wait for the banner, this technique is in general highly specific to spamware with very few false positives.

It's sometimes used in combination with Greet pause.