Skip to main content
A dictionary attack occurs when a sender — typically a spammer — connects to a mail server and issues a large number of RCPT TO commands to identify which email addresses are valid. This floods the server with validation requests that consume CPU and memory, often degrading or disabling the server for legitimate traffic.

How traditional servers handle dictionary attacks

Most mail servers defend against dictionary attacks by rate-limiting SMTP responses or disconnecting clients that exceed a threshold of invalid recipient checks. However, this approach has limits: each new connection from a banned client still consumes server resources just to issue the rejection. At high attack volumes, even rejecting connections becomes costly.

How MailChannels protects downstream servers

MailChannels places an SMTP proxy between senders on the internet and your downstream mail servers. This proxy uses asynchronous I/O — it can handle a large number of concurrent connections efficiently, without spawning a heavyweight process per connection. The proxy only relays SMTP commands to your downstream server when necessary. During a dictionary attack, the proxy can absorb and reject connection attempts without those attempts ever reaching your mail server. Your server is shielded from the flood.

Behavioral rate limiting

MailChannels tracks sender behavior in a time-domain database that records events — such as invalid recipient checks — with timestamps. The policy system queries this database to detect senders that are exceeding normal thresholds. When a sender breaches a configured limit, MailChannels rejects further connections from that sender — temporarily or permanently — without involving your downstream server. Because the proxy handles the rejection, no TCP connection attempt reaches your mail server, conserving its resources entirely. This approach stops dictionary attacks at the perimeter, before they can affect the systems behind MailChannels.