As you may know, Exchange 2003 can be configured to block emails sent to recipients that do not exist, blocking the e-mail message at the Simple Mail Transfer Protocol (SMTP) level. As a result, a sender can enumerate e-mail addresses that do exist by using a technique that is known as a directory harvest attack.
When you select the Filter recipients who are not in the Directory check box when configuring recipient filtering, directory lookup for recipients is enabled. This gives senders of unsolicited e-mail the ability to discover valid e-mail addresses in your organization by sending mail using a long list of popular aliases and name combinations, looking for valid addresses.
To address this issue, Microsoft released a security update that adds a feature called "tar pit", which delays the SMTP address verification response for each invalid address. By delaying the response, it becomes costly in terms of time and resources for an attacker to try to obtain the Global Address List using a directory harvest attack against an SMTP server. By default, this feature is disabled; you control the delay time by setting the value of the TarpitTime registry entry.
Because only anonymous connections are affected by the TarpitTime registry entry, it is recommended that you use this registry entry only on the Internet-facing mail gateway servers.
To add the tar pit feature to Exchange 2003, install the MS04-035 security update for Windows Server 2003. Then configure the delay as follows:
1. Open the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters
2. Create a DWORD value named TarpitTime.
3. For the value data, enter the number of seconds to delay the SMTP response when the recipient address does not exist.
4. Restart the Simple Mail Transfer Protocol (SMTP) service.
Note: If the TarpitTime registry entry does not exist, Exchange behaves as if the value of this registry entry were set to 0, that is, no SMTP response delay.
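The registry procedure above, as an added PowerShell example that is not part of the original article: it reports the effective TarpitTime (0 when the entry is missing, as the note describes), creates or updates the DWORD, and restarts the SMTP service. It assumes it is run in an elevated session on the Internet-facing server; the 5-second value at the end is a constructed sample, not a recommendation from the article.

```powershell
# Added example, not from the original article. Assumes an elevated session on the
# Internet-facing Exchange 2003 server where the MS04-035 update is already installed.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters'
$Name    = 'TarpitTime'

function Get-TarpitTime {
    # Returns the effective delay in seconds. A missing entry behaves as 0 (no delay).
    $item = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$Name
}

function Set-TarpitTime {
    param([Parameter(Mandatory=$true)][int]$Seconds)
    if ($Seconds -lt 0) { throw 'TarpitTime must be zero or a positive number of seconds.' }
    if (-not (Test-Path $KeyPath)) { throw "SMTP service parameters key not found: $KeyPath" }

    $existing = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        # Entry does not exist yet: create it as a DWORD, as the procedure requires.
        New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord -Value $Seconds | Out-Null
    } else {
        Set-ItemProperty -Path $KeyPath -Name $Name -Value $Seconds
    }

    # The SMTP service reads TarpitTime only at startup, so restart it (service name SMTPSVC).
    Restart-Service -Name SMTPSVC
}

Write-Host ('Current TarpitTime: {0} second(s)' -f (Get-TarpitTime))
Set-TarpitTime -Seconds 5    # constructed sample value for this example
Write-Host ('TarpitTime now: {0} second(s)' -f (Get-TarpitTime))
```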
More Information
See https://support.microsoft.com/kb/842851 for more information about the TarpitTime registry entry.
For additional information about this security update, see MS04-035 Vulnerability in SMTP could allow remote code execution in Microsoft Windows Server 2003.