Microsoft Security Advisory (842851)
Microsoft released a security advisory that focuses on the SMTP tar pit feature included with Windows Server 2003 Service Pack 1. This feature was previously available as a PSS update.
SMTP tar pitting is the practice of artificially delaying server responses for certain SMTP communication patterns; it is used to help fight spam attacks, such as the Directory Harvest Attack (DHA). In a DHA, an attacker unleashes a program that guesses all the possible e-mail addresses within a domain and attempts to send messages to those addresses. Normally the SMTP server responds with a "550 User unknown" message for non-existent addresses, so after a successful DHA the spammer knows which addresses are valid.
…
MAIL FROM:<>
250 2.1.0 <>....Sender OK
RCPT TO:
550 5.1.1 User unknown
QUIT
A brute-force DHA over 4-character addresses can be completed in about 20 minutes. By introducing a 5 sec. delay on each such response, it will now take months.
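The exchange above and the timing argument that follows it can be modelled in a few lines. The following is an added example, not Microsoft's implementation and not code from the advisory: a toy SMTP responder that applies a tar pit delay only to the "550 5.1.1 User unknown" reply, plus a cost estimate for enumerating every local part of a given length. The domain, the sample user directory, the guesses and the alphabet size are constructed for illustration; the delay is injected so the model can be run without actually sleeping.

```python
"""Toy model of SMTP tar pitting against a Directory Harvest Attack (DHA).

Added example; not Microsoft's code. The domain, user directory, guesses
and timing figures below are constructed for illustration.
"""
import re
import time
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple

# Tolerant parsers for the two commands that matter in a DHA.
MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^<>]*)>\s*$", re.IGNORECASE)
RCPT_RE = re.compile(r"^RCPT TO:\s*<?([^<>@\s]+)@([^<>\s]+)>?\s*$", re.IGNORECASE)


@dataclass
class TarpitSmtpResponder:
    """Minimal SMTP command handler that delays only the 'User unknown' reply.

    A legitimate sender hitting a valid mailbox sees no delay; a harvester
    that guesses wrong pays tarpit_seconds per wrong guess.
    """
    domain: str
    known_users: Set[str]
    tarpit_seconds: float = 5.0
    sleep: Callable[[float], None] = time.sleep  # injectable for testing
    delayed_replies: int = 0
    transcript: List[str] = field(default_factory=list)

    def handle(self, command: str) -> str:
        command = command.strip()
        reply = self._dispatch(command)
        self.transcript.extend([command, reply])
        return reply

    def _dispatch(self, command: str) -> str:
        m = MAIL_RE.match(command)
        if m:
            return f"250 2.1.0 <{m.group(1)}>....Sender OK"
        m = RCPT_RE.match(command)
        if m:
            user, domain = m.group(1).lower(), m.group(2).lower()
            if domain == self.domain and user in self.known_users:
                return f"250 2.1.5 {user}@{domain}"
            # Tar pit: the negative answer is still given, but only after the delay,
            # so the information leak costs the harvester tarpit_seconds per address.
            self.sleep(self.tarpit_seconds)
            self.delayed_replies += 1
            return "550 5.1.1 User unknown"
        if command.upper() == "QUIT":
            return "221 2.0.0 Service closing transmission channel"
        return "500 5.5.1 Command unrecognized"


def simulate_harvest(guesses: List[str], tarpit_seconds: float,
                     known_users: Set[str]) -> Tuple[List[str], float, int]:
    """Replay a DHA-style session against the responder with a fake clock.

    Returns (addresses confirmed valid, simulated seconds spent waiting,
    number of delayed replies).
    """
    waited = [0.0]

    def fake_sleep(seconds: float) -> None:
        waited[0] += seconds

    server = TarpitSmtpResponder("example.com", known_users,
                                 tarpit_seconds, sleep=fake_sleep)
    server.handle("MAIL FROM:<>")
    valid = [g for g in guesses
             if server.handle(f"RCPT TO:<{g}@example.com>").startswith("250")]
    server.handle("QUIT")
    return valid, waited[0], server.delayed_replies


def estimate_dha_seconds(alphabet_size: int, local_part_length: int,
                         seconds_per_attempt: float, tarpit_seconds: float) -> float:
    """Time to try every local part of a fixed length, one RCPT TO per guess.

    Worst case assumes every guess is wrong, so every reply is tar pitted.
    """
    attempts = alphabet_size ** local_part_length
    return attempts * (seconds_per_attempt + tarpit_seconds)


if __name__ == "__main__":
    found, secs, delayed = simulate_harvest(
        ["aaaa", "alice", "bob", "zzzz"], 5.0, {"alice", "bob"})
    print(f"valid: {found}, delayed replies: {delayed}, waited: {secs:.0f}s")
    # Constructed figures: 36-character alphabet (a-z, 0-9), 4-character local parts.
    fast = estimate_dha_seconds(36, 4, 0.001, 0.0)
    slow = estimate_dha_seconds(36, 4, 0.001, 5.0)
    print(f"without tar pit: {fast / 60:.0f} min; with 5 s tar pit: {slow / 86400:.0f} days")
```

The design point is in `_dispatch`: the server never hides the "550" answer (that would break legitimate bounce handling), it only makes each negative answer slow, so the per-guess cost of a harvest grows by the tar pit delay while normal mail to valid recipients is unaffected.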