IMPSEC.ORG domain SMTP tarpit policy

The IMPSEC.ORG domain implements an SMTP tarpit as a reactive defense against repeat spammers. If you attempt to send email to IMPSEC.ORG addresses in a manner that appears excessively spammy, your MTA may be automatically added to a tarpit list, and any SMTP connections from your MTA will be tarpitted for a period of time that can be up to several weeks.

This means that if your MTA has been tarpitted and then attempts to send email to the IMPSEC.ORG domain, every thread that attempts to send such an email will become "stuck" for as long as possible. Ideally, this will cause your MTA to occupy all of its delivery threads attempting to send email to this domain, and will cause your MTA to essentially stop delivering all outbound email until reset. All SMTP connections will be tarpitted regardless of the nature of the email that is being sent.

This is a very aggressive response; it is only taken when confronted with continuing attempts to abuse the IMPSEC.ORG mail system through unwanted traffic that is either clearly being rejected by the IMPSEC.ORG MTA or clearly unethical (e.g. attempting to spam the administrative addresses of a subscribers-only mailing list).

If you wish to contact the IMPSEC.ORG postmaster at <postmaster@impsec.org> you will need to do so via a different MTA, for example your personal account with a public ISP, or a Hotmail or Gmail account. If your MTA appears in the tarpit list you WILL NOT be able to send email to any IMPSEC.ORG address via that MTA.

This is not a Denial-of-Service attack, since your MTA initiated contact attempting to send unwanted and abusive traffic; we did not contact you. If you do not wish your MTA to become stuck in the IMPSEC.ORG SMTP tarpit, do not send spam to email addresses in the IMPSEC.ORG domain.

Your MTA's IP address will eventually expire from the tarpit list, but if you continue to attempt to send spam to IMPSEC.ORG addresses your MTA will likely go right back onto the tarpit list.

A MTA will be automatically tarpitted if it repeatedly attempts to send mail to IMPSEC.ORG addresses while meeting any of the following criteria:

The MTA's IP address appears on the zen.spamhaus.org DNSRBL.
The MTA's IP address appears on the list.dsbl.org DNSRBL.
The MTA's IP address appears on the web.dnsbl.sorbs.net DNSRBL.
The MTA's IP address appears on the http.dnsbl.sorbs.net DNSRBL.
The MTA's IP address appears on the socks.dnsbl.sorbs.net DNSRBL.
The MTA's IP address appears on the misc.dnsbl.sorbs.net DNSRBL.
The MTA's IP address appears on the zombie.dnsbl.sorbs.net DNSRBL.
The MTA's IP address appears on the rhsbl.sorbs.net DNSRBL.
The MTA attempts to send data before receiving the IMPSEC.ORG server's greeting, in violation of RFC2821 §4.3.1
The MTA attempts to send many messages from sender addresses that are being rejected for historical spam activity against IMPSEC.ORG domain addresses.
The MTA attempts to send many messages to the administrative addresses of mailing lists hosted by the IMPSEC.ORG domain.
The MTA attempts to send many "spam rejected by filter" non-delivery notices (bounces) to forged sender addresses in the IMPSEC.ORG domain. Please only send bounces in response to messages that pass SPF tests!

If your MTA is being tarpitted because you have a history of spamming IMPSEC.ORG email addresses and have been put on the IMPSEC.ORG rejection list: clean up your mailing list. If every message you attempt to send to a given address is rejected with an SMTP 5.x.x hardfail saying "rejected for being a spammer", then stop sending mail to that address. You will not then become tarpitted by that address.

If your MTA is being tarpitted because you rejected a bunch of spam that has forged IMPSEC.ORG sender addresses, then stop sending bounce notices for messages that are rejected by your spam filter. Doing this is considered bad practice and can lead to your site acting as a DDoS reflector.

IMPSEC.ORG publishes SPF records. Please use them. Valid IMPSEC.ORG email will only ever originate from the hosts published in the IMPSEC.ORG SPF record.