+ If you use "*!<user>@<host>" or "*!*@<host>" masks, these connections
+ are blocked even before the user is fully logged in (before PASS,
+ NICK, and USER commands have been processed) and before the child
+ processes for authentication are forked, so resource usage is smaller.