Rate limits

From ASRG
Jump to navigationJump to search
Anti-spam technique: Rate limits
Date of first use: early 2000
Effectiveness: Low
Popularity: High
Difficulty of implementation: Low
Where implemented: MTA
Harm: Low

Humans and legitimate mail servers usually send messages at a limited rate. Spam robots can, sometimes, send bursts of messages. An SMTP server can count the number of connections per client over some time window and reject connections, with a temporary reply code, when a threshold is reached. Limits are usually applied to connections, messages or recipients.

Nowadays, rate limiting effectiveness is too low to be considered as a real anti-spam measure, but it remains very effective against DoS and other abuses. It can suffer from false positives against legitimate bursty mail sources such as mailing lists.