> One obvious question is about the status of tarpitting w.r.t. RFCs
> 793 or 1122, that SMTP relies upon.

I can't think of any requirement in either of them that tarpitting
violates. If anyone can, I'd be interested to hear.

> Is it a recommended action against spammers?

Some will recommend it. These days I don't think it's much use. The
only benefit I've ever seen in it is that it ties up sending threads.
But with the rise of botnet spamming, threads (and computer resources in
general) are far cheaper to spammers than they are to receivers, so
there's little point. (In general, botnets let spammers externalize
almost all of their computer-resource costs.)

> And what about filtering blacklisted IPs at the firewall level, i.e.
> blocking (reject, drop, or tarpit) their syn requests? Is it better
> than letting spammers consume our mailer daemon resources?

Unfortunately, that's about all that can be said without knowing more
about the environment the question is being asked for. For example,
some sites want to keep statistics at a level of detail that's
impossible if you don't let the mailer see everything. Others are
drowning under a sufficiently large flood that the only ways to cope at
all are to firewall off the worst offenders - or, I suppose, outsource
mail to someone with a much fatter pipe, which gets expen$ive. (There
are endless other reasons each way, too; these are just two examples.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse(_at_)rodents-montreal(_dot_)org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Asrg mailing list