Re: email address probes

["Greg A. Woods" <woods () weird com>]

[ On Wednesday, February 5, 2003 at 20:54:19 (+0000), Andy Bastien wrote: ]
> Subject: email address probes
>
> I'd like to be able to stop these attempts, but I can't think of a way
> to do it.

If there's no local user for the "attempt" then the most correct way,
and I suppose best and only proper way, to answer the invalid "RCPT TO:"
is indeed with just a plain simple "550 User unknown" (or "550-5.1.1
User unknown" if your server supports ESMTP ESN).

If the connections come fast and furious from the same remote server
then you can introduce a delay before you send your reject reply status
code, or even send a "550-User unknown" line, then pause for up to a
minute or two, and finally a "550 Thanks for trying!" line.  Some people
call this scheme a "tar pit" -- it slows down a rabid sender because it
forces it to wait for the last line of the multi-line 550 message.

-- 
                                                                Greg A. Woods

+1 416 218-0098;            <g.a.woods () ieee org>;           <woods () robohack ca>
Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com