Hosting Provided By

Re: email address probes

From: Greg A. Woods <woods(at)weird.com>
Date: Wed Feb 05 2003 - 18:04:44 EST

[ On Wednesday, February 5, 2003 at 20:54:19 (+0000), Andy Bastien wrote: ]
> Subject: email address probes
>
> I'd like to be able to stop these attempts, but I can't think of a way

If there's no local user for the "attempt" then the most correct way, and I suppose best and only proper way, to answer the invalid "RCPT TO:" is indeed with just a plain simple "550 User unknown" (or "550-5.1.1 User unknown" if your server supports ESMTP ESN).

If the connections come fast and furious from the same remote server then you can introduce a delay before you send your reject reply status code, or even send a "550-User unknown" line, then pause for up to a minute or two, and finally a "550 Thanks for trying!" line. Some people call this scheme a "tar pit" -- it slows down a rabid sender because it forces it to wait for the last line of the multi-line 550 message.

-- 
								Greg A. Woods

+1 416 218-0098;            ;           
Planix, Inc. ; VE3TCP; Secrets of the Weird 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Thu Feb 6 12:11:56 2003

This message: [ Message body ]
Next message: Johann Kruse: "RE: email address probes"
Previous message: Brad Arlt: "Re: email address probes"
In reply to Andy Bastien: "email address probes"
Next in thread: Axel Beckert - ecos gmbh: "Re: email address probes"
Reply: Axel Beckert - ecos gmbh: "Re: email address probes"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT