5.4.1 ORF Online Help
Select your ORF version:

Table of Contents

Tarpit Delay Settings


This help section describes the tarpit delay feature and the related settings.

General Information

Tarpit delay holds back SMTP responses sent by ORF upon blacklisting. As the sender server has to wait for the ORF's response, you can use this feature to "fight back" spammers by slowing them down or to make it virtually impossible for them to carry out a successful Directory Harvest Attack.

DHAs are used by spammers to harvest the list of valid email addresses from a domain using recipient specification commands. By checking the server's acceptance or rejection response, they can find out which addresses are valid and which are not.

Enabling or disabling the Tarpit Delay

Tarpit delay can be enabled or disabled for either of the filtering points on the FilteringActions page after clicking the Edit button. See the Before Arrival Actions and On Arrival Actions topics for detailed information.

Configuring Tarpit Delay

Tarpit delay can be configured by clicking the Configure this feature link in the description of its checkbox.

Delay only if the recipient is invalid

Use this option to delay responses only if the email or recipient was blacklisted due to an Recipient Validation Test or Recipient Blacklist Test hit.

If you want stop DHAs only, select this delay event.

Delay response on any blacklist hit

Delays the response if the email is blacklisted for any reason, including the above. Select this option to fight back spammers by slowing them down a little.

Duration

Configure for how long each SMTP response should be delayed. By default, responses are delayed for 60 seconds.

Although the maximum delay time allowed by the tarpit delay is 600 seconds (10 minutes), it is recommended to keep the delay limit lower. Microsoft® Exchange®'s default timeout limit is 10 minutes, but other email servers may not be this patient.

Exceptions

Some email servers, most notably Exim and Postfix, perform so-called Sender Callout Verifications, which is a controversial anti-spam technique. The verification is performed when the server receives email from someone. During the verification, the recipient email server connects back to the sender server and initiates an email sending process to check whether the sender email address is valid. If the recipient email server does not get the response in time, because the attempt was blacklisted and tarpit delay is activated, it does not accept the email.

To avoid such problems, you can add the sender email address used by the verification to the exception list. The list contains the Exim and Postfix verification addresses by default.

Notes

Calculation of the actual delay time

Because ORF tests may take a significant amount of time, ORF calculates the tarpit delay from the time the email or recipient was first "seen", i.e., DNS blacklist check time and other time-expensive tests are counted into the tarpit delay.

Copyright © Vamsoft Kft. All rights reserved. Document ID adm-tarpitdelay-settings, version 1.