Timing and protocol defects
From ASRG
Jump to navigationJump to search
| Anti-spam technique: Timing and protocol defects | |
|---|---|
| Date of first use: | |
| Effectiveness: | High |
| Popularity: | Medium |
| Difficulty of implementation: | Low |
| Where implemented: | MTA |
| Harm: | Low |
SMTP requires that clients wait for a 2xx response to the HELO or EHLO command before proceeding. One ant-spam technique, known as a premature pipeline check pr early talking', detects extra data in the input buffer prior to the server sending the HELO/EHLO response, or prior to any command if the server hasn't offered the PIPELINEING extension.
Other protocol defects include:
- Sending MAIL FROM without first sending HELO or EHLO
- Omitting the angle brackets required in MAIL FROM and RCPT TO
- Adding a space after the colon in MAIL FROM or RCPT TO
- Syntactically invalid HELO/EHLO name
If such data is found, the client has failed the test. The server might then reject the message, close the connection, blacklist the client, etc.
