
andsosayallofus | 11 years ago

On an unhardened SMTP server, nothing. But there's not a huge amount of value for them in sanitizing those lists either, as they already deal in such high volumes of mail that a few retired accounts don't matter. There are anti-spam products from places like GFI that can apply heuristics to incoming requests and filter out anything suspect though.

The bigger risk is directory harvest attacks, where spammers dictionary-generate RCPT TO requests and use any 250/251 replies to compile new mailing lists.

Tarpitting combats this to some degree and is considered best practice when allowing RCPT replies. The receiving server is configured to pause for a few seconds before replying to each RCPT TO. 5-10 seconds is fast enough to not impact mail flow while rendering dictionary-based directory harvest attacks non-viable.
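The tarpitting described above, as an added example that is not code from the original comment or from any real MTA: a small Python model of a receiving server's RCPT TO handling that pauses before every reply and escalates the pause once a session keeps naming mailboxes that do not exist. The recipient directory, the thresholds and the injectable sleep hook are assumptions made for the example.

```python
import time

# Constructed directory of deliverable mailboxes (stands in for the real user store).
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org", "postmaster@example.org"}

BASE_DELAY = 5.0     # seconds to pause before every RCPT reply (the 5-10 s the comment suggests)
UNKNOWN_LIMIT = 3    # unknown recipients tolerated per session before the pause escalates (assumed)


class RcptTarpit:
    """State for one SMTP session: tarpits every RCPT TO reply and escalates on probing."""

    def __init__(self, base_delay=BASE_DELAY, sleep=time.sleep):
        self.base_delay = base_delay
        self.sleep = sleep       # injectable so a test can run without real waiting
        self.unknown = 0         # RCPT TO commands naming a non-existent mailbox
        self.total = 0
        self.delays = []         # pause applied before each reply, kept for auditing

    def next_delay(self):
        # Every reply waits base_delay; each unknown recipient beyond the limit doubles it,
        # so a dictionary run slows down the longer it keeps guessing.
        excess = max(0, self.unknown - UNKNOWN_LIMIT)
        return self.base_delay * (2 ** excess)

    def rcpt_to(self, address):
        """Return the SMTP reply for one RCPT TO after the tarpit pause."""
        delay = self.next_delay()
        self.delays.append(delay)
        self.sleep(delay)
        self.total += 1
        if address.strip().strip("<>").lower() in VALID_RECIPIENTS:
            return "250 2.1.5 Ok"
        self.unknown += 1
        return "550 5.1.1 Recipient address rejected: User unknown"

    def looks_like_harvest(self):
        """True once the session has mostly guessed non-existent mailboxes."""
        return self.unknown > UNKNOWN_LIMIT and self.unknown / self.total > 0.5


def run_session(addresses, sleep=time.sleep):
    """Feed a sequence of RCPT TO addresses through one tarpitted session."""
    session = RcptTarpit(sleep=sleep)
    replies = [session.rcpt_to(a) for a in addresses]
    return replies, session
```

With real `time.sleep`, a six-recipient session above costs the sender 35 seconds; passing a no-op sleep lets you inspect the recorded delays without waiting.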
