Re: [Asrg] Tarpitting

Alessandro Vesely wrote:

Thus, you are suggesting that drop, which can be considered a poor man'starpit, wrt reject can be more effective. Or is the reason (shorttimeout bots give up) rooted in the fact that tarpitting exists?

Rooted in the fact that attempting to "negotiate" thru slow delivery isnot in the best interests of increasing the sheer quantity ofdeliveries, whether it be tarpitting, banner delays, or just slow MTAs.

If most (or the big) receivers started deliberately slowing deliverythen the spammers would have to change tactics again.

Dropping 'em at the router is difficult, because routers (at present)can't be configured to hold all the IPs you'd like it to, and can onlybe used very selectively.
(Using a Linux box may overcome that limit)

It may, and at first glance, it might seem no worse than letting the MTAdo the queries and rejects at connect, but consider:

- the temptation, of course, is to apply the technology for more thanjust port 25. This could cause some serious performance problems if thesubnet (behind the router) doing this is does more than just inboundemail - like web traffic or DNS. Secondly, not all DNSBLs should beused this way. Eg: PBL or CBL/XBL.

- timing requirements are a lot more stringent at router level. A querydelay that might be more than reasonable for SMTP level could causelegitimate connections to fail at the TCP/IP level.

If the linux box doing the router-level stuff is co-resident with theMX, it could be quite tractable. On the other hand, getting, say, IPFto do it might be more than a minor challenge.

[I think spamd effectively does this to a certain extent, but I've notresearched it very well.]

It'd be well to consider why Spamhaus DROP is so small. Not only arethere size constraints, but also the difficulty in distinguishing rangesthat are so bad you want to drop _everything_, not just SMTP.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg