Greeting delay & Hybrid filtering

A greeting delay is a deliberate pause introduced by an SMTP server before it sends the SMTP greeting banner to the client. The client is supposed to wait until it has received this banner before it sends any data to the server. (per RFC2821 3.1). Many spam-sending applications do not wait to receive this banner, and instead start sending data once the TCP connection is complete. The server can detect this, and drop the connection.

There are some legitimate sites that play "fast and loose" with the SMTP specifications, and may be caught by this mechanism. It also has a tendency to interact badly with sites that perform Callback Verification, as common callback verification systems have timeouts that are much shorter than those mandated by RFC2821 4.5.3.2.

Hybrid filtering, such as is implemented in the open source programs SpamAssassin and Policyd-weight, uses some or all of the various tests for spam, and assigns a numerical score to each test. Each message is scanned for these patterns, and the applicable scores tallied up. If the total is above a fixed value, the message is rejected or flagged as spam. By ensuring that no single spam test by itself can flag a message as spam, the false positive rate can be greatly reduced.