Tar pitting is the practice of deliberately inserting a delay into certain SMTP communications that are associated with spam or with other unwanted traffic. To be effective, these kinds of communications typically rely on generating a high volume of traffic. By slowing an SMTP conversation, you can dramatically reduce the rate at which automated spam can be sent or at which a dictionary attack can be conducted. Legitimate traffic may also be slowed by tar pitting.
The tar pit feature is available in Microsoft Windows Server 2003 and in several third-party SMTP servers. The tar pit feature in Windows Server 2003 works by slowing all responses that contain SMTP protocol 5.x.x error codes. An administrator can configure the delay that is introduced by the tar pit feature
The tar pit feature can be enabled and configured by setting a registry key. To do this, follow these steps.
NoteÂ If the TarpitTime registry entry does not exist, Exchange behaves as if the value of this registry entry were set to 0. When the registry entry has a value of 0, there is no delay when the SMTP address verification responses are sent.
- ClickÂ Start, clickÂ Run, typeÂ regeditÂ in theÂ OpenÂ box, and then clickÂ OK.
- Locate and then click to select the following registry subkey:
- On theÂ EditÂ menu, point toÂ New, and then clickÂ DWORD Value.
- TypeÂ TarpitTimeÂ as the registry entry name, and then press ENTER.
- On theÂ EditÂ menu, clickÂ Modify.
- ClickÂ Decimal.
- In theÂ Value dataÂ box, type the number of seconds that you want to delay SMTP address verification responses for each address that does not exist. Then, clickÂ OK. For example, typeÂ 5, and then clickOK. This delays SMTP address verification responses for 5 seconds.
- Quit Registry Editor.
- Restart the Simple Mail Transport Protocol (SMTP) service.