Early talker detection

From ASRG
Revision as of 00:05, 13 August 2008 by Johnl (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
Anti-spam technique: Early talker detection
Date of first use: early 2000s
Effectiveness: High
Popularity: Medium
Difficulty of implementation: Easy
Where implemented: MTA
Harm: Low


The SMTP standards say that at the beginning of a connection, the server first sends a greeting message, after which the client sends the HELO or EHLO command. Sloppily written spamware often sends the HELO immediately without waiting for the greeting. If the server slightly delays the greeting, it can check to see if there's a premature HELO and drop the connection.

Although there are reported to be occasional legitimate MTAs that don't wait for the banner, this technique is in general highly specific to spamware with very few false positives.

It's sometimes used in combination with Greet pause.