One method used to gather addresses for spamming is to misuse the
RCPT TO: command. To illustrate, consider the following fragment of
an SMTP session:
550 5.1.1 <firstname.lastname@example.org>... User unknown
550 5.1.1 <email@example.com>... User unknown
550 5.1.1 <firstname.lastname@example.org>... User unknown
550 5.1.1 <email@example.com>... User unknown
250 2.1.0 <firstname.lastname@example.org>... Recipient ok
550 5.1.1 <email@example.com>... User unknown
Here, some other site has connected to your
sendmail and started sending bad RCPT TO:
commands for a series of possible usernames. These are alphabetical,
but other such abuses might be based on lists of common names.
Whenever sendmail replies with a 250, the other
site knows that that address is good, and adds it to its list of spam
With V8.12 and later sendmail it is possible to
impose a penalty on sites that send too many bad RCPT TO: commands.
You do that by defining the BadRcptThrottle, like
O BadRcptThrottle=num configuration file (V8.12 and later)
-OBadRcptThrottle=num command line (V8.12 and later)
define(`confBAD_RCPT_THROTTLE',`num') mc configuration (V8.12 and later
Here, num is a textual representation of a
positive integer. If num is negative,
nonnumeric, or zero (the default), bad RCPT TO: commands are accepted
without penalty. If num is positive, only
that number of bad RCPT TO: commands are allowed in a single SMTP
session before a penalty is imposed.
The penalty begins by logging the following warning:
other site: Possible SMTP RCPT flood, throttling.
Thereafter, every RCPT TO: command will be received by the local
sendmail, which will sleep for one second before
replying. The choice of one second is hardcoded in
sendmail and cannot be changed.
The BadRcptThrottle option can be used in
combination with the MaxRecipientsPerMessage
option (MaxRecipientsPerMessage) to further limit the number of
recipients per message.
The BadRcptThrottle option is safe. Even if it is
specified from the command line, sendmail
retains its special privileges.