Tarpitting makes it possible for you to deliberately slow down a connection once a specified number of RCPT commands have been received from a message's sender. This is to discourage spammers from trying to send unsolicited bulk email ("spam") to your domains. You can specify the number of RCPT commands allowed before tarpitting begins and the number of seconds to delay the connection each time a subsequent RCPT command is received from that host during the connection. The reasoning behind this technique is that if it takes spammers an inordinately long period of time to send each message to you then that will discourage them from trying to do so again in the future.
Tarpit Settings
Activate tarpitting
Click this checkbox to activate the Tarpitting feature. Tarpitting is disabled by default.
SMTP EHLO/HELO delay (in seconds):
Use this option to delay the SecurityGateway's response to EHLO/HELO SMTP commands. Delaying the responses by even as little as ten seconds can potentially save a significant amount of processing time by reducing the amount of spam received. Frequently spammers depend on rapid delivery of their messages and therefore do not wait long for a response to EHLO/HELO commands. With even a small delay, spam tools will sometimes give up and move on rather than wait for a response. Connections on the MSA port (designated on the Email Protocol page) are always exempt from this delay. The default setting for this option is "0", meaning EHLO/HELO will not be delayed.
Authenticated IPs experience a single HELO/EHLO delay per day
When you have designated an EHLO/HELO delay, an IP address over which an authenticated SMTP session has taken place will experience only a single delay per day. This delay occurs right before the first time the session is authenticated. This option is disabled by default.
SMTP RCPT tarpit threshold:
Use this option to specify the number of SMTP RCPT commands that you wish to allow for a given host during a mail session before SecurityGateway will begin tarpitting, or delaying, that host. For example, if this number is set to 10 and a sending host attempts to send a message to 20 addresses (i.e. 20 RCPT commands), then SecurityGateway will allow the first 10 normally and then pause after each subsequent command for the number of seconds specified in the SMTP RCPT tarpit delay option below. The default value for this option if 5.
SMTP RCPT tarpit delay (in seconds):
Once the SMTP RCPT tarpit threshold is reached for a host, this is the number of seconds that SecurityGateway will pause after each subsequent RCPT command is received during the mail session with that host. Each subsequent RCPT command will be delayed 10 seconds by default.
Scaling Factor:
This value is a multiplier by which the base tarpit delay will be increased over time. When the tarpit threshold is reached and the tarpit delay is applied to a session, each delay will be multiplied by this value to determine to length of the next delay in the session. For example, if the tarpit delay is set to 10 and the scaling factor is set to 1.5 then the first delay will be 10 seconds, the second will be 15 seconds, the third 22.5, then 33.75, and so on (i.e. 10 x 1.5 = 15, 15 x 1.5 = 22.5, etc.). The default Scaling factor is 1, meaning that the delay will not be increased.
Exclusions
Exclude messages from allowlisted senders
By default all messages coming from allowlisted senders are excluded from tarpitting restrictions. Clear this checkbox if you wish to subject allowlisted senders to the tarpitting rules as well.
Exclude messages from authenticated sessions
Messages coming in over authenticated sessions are exempt from tarpitting by default. Uncheck this box and the tarpitting restrictions will also apply to those messages.
Exclude messages from domain mail servers
Messages coming from one of your domain mail servers are exempt from Tarpitting by default. Clear this checkbox if you do not wish to exclude domain mail servers from Tarpitting restrictions.
