Timing and protocol defects

Anti-spam technique: Timing and protocol defects
Date of first use:
Effectiveness: High
Popularity: Medium
Difficulty of implementation: Low
Where implemented: MTA
Harm: Low

SMTP requires that clients wait for a 2xx response to the HELO or EHLO command before proceeding. One anti-spam technique, known as a premature pipeline check or 'early talking', detects extra data in the input buffer prior to the server sending the HELO/EHLO response, or prior to any command if the server hasn't offered the PIPELINING extension.

Other protocol defects include:

  • Sending MAIL FROM without first sending HELO or EHLO
  • Omitting the angle brackets required in MAIL FROM and RCPT TO
  • Adding a space after the colon in MAIL FROM or RCPT TO
  • Syntactically invalid HELO/EHLO name

If such data is found, the client has failed the test. The server might then reject the message, close the connection, blacklist the client, etc.
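
The checks described above, combined in one function as an added example (not code from the original page or from any particular MTA). The function name `find_defects`, the `offers_pipelining` flag and the `(command_line, buffered)` event model are assumptions made for illustration, and the sample sessions are constructed.

```python
import re

# Simplified HELO/EHLO argument check: a dotted hostname or an address literal.
HELO_NAME = re.compile(
    r"^(?:\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]"
    r"|[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*)$")
PATH_CMD = re.compile(r"(MAIL FROM|RCPT TO):(.*)$", re.IGNORECASE)

def find_defects(events, offers_pipelining=True):
    """events: (command_line, buffered) pairs. buffered is True when more client
    data was already in the input buffer before the reply to this command was sent."""
    defects, greeted, pipelining = [], False, False
    for line, buffered in events:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            if buffered:  # nothing may follow HELO/EHLO until the 2xx reply
                defects.append("early talking before HELO/EHLO response")
            if not HELO_NAME.match(arg.strip()):
                defects.append("invalid HELO/EHLO name")
            greeted = True
            # PIPELINING can only be offered in the reply to EHLO
            pipelining = offers_pipelining and verb == "EHLO"
            continue
        if buffered and not pipelining:
            defects.append("pipelining without PIPELINING offered")
        m = PATH_CMD.match(line)
        if not m:
            continue
        cmd, rest = m.group(1).upper(), m.group(2)
        if cmd == "MAIL FROM" and not greeted:
            defects.append("MAIL FROM before HELO/EHLO")
        if rest.startswith(" "):
            defects.append(f"space after colon in {cmd}")
        if not re.match(r"<[^>]*>", rest.lstrip()):
            defects.append(f"missing angle brackets in {cmd}")
    return defects

# Constructed sample sessions (not captured traffic).
CLEAN = [("EHLO mail.example.org", False),
         ("MAIL FROM:<alice@example.org>", True),   # RCPT pipelined behind MAIL
         ("RCPT TO:<bob@example.net>", False)]
DEFECTIVE = [("HELO my_host!", True),
             ("MAIL FROM: spammer@example.com", True),
             ("RCPT TO:<bob@example.net>", False)]

if __name__ == "__main__":
    for name, session in (("clean", CLEAN), ("defective", DEFECTIVE)):
        print(name, find_defects(session))
```

A real MTA would obtain `buffered` by checking its socket for readable data just before writing each reply; the list returned here is what the reject, disconnect or blacklist decision would be based on.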