Re: Proposal: Using Conservative EHLO Response Parser Behaviour For Tarpitting

2007-06-18 11:04:26

On Jun 18, 2007, at 5:41 AM, David F. Skoll wrote:

This is a very bad idea on a number of levels:

1) Tarpitting occupies server resources, making it easier to DoS the

2) Tarpitting is useless against an attacker with essentially infinite
CPU and bandwidth resources --- and that's the kind of attacker a serious
spammer is.

Agreed -- particularly if the spammer has access to botnets.

3) Relying on "genuine" clients to adhere strictly to RFC-defined timeouts
is dangerous.

4) It is perfectly possible to delay the client before EHLO. That's what Sendmail's greet_pause feature does. However, it's *not* designed to be
a tarpitting mechanism.  Rather, it's designed to detect SMTP clients
that send everything in one burst without waiting for the initial greeting
(and also to detect clients that use broken proxy servers.)

5) If this were standardized or even widespread, spammers would adapt easily (much easier than the good actors can change). It can only be useful as a trick that a few systems use.
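The early-talker check described in point 4, sketched as an added example; it is not Sendmail's greet_pause code and not part of the original message. The hostnames, reply text, pause length and the helper names `greet_with_pause` and `run_case` are assumptions made for illustration.

```python
import select
import socket

# Constructed hostname and reply text, for illustration only.
BANNER = b"220 mx.example.test ESMTP\r\n"
REJECT = b"554 mx.example.test rejecting pre-greeting traffic\r\n"


def greet_with_pause(conn, pause_seconds):
    """Hold the 220 banner for pause_seconds and watch for an early talker.

    Returns (early_talker, early_bytes). Hypothetical helper name.
    """
    # A client following SMTP sends nothing until it has read the banner,
    # so the socket becoming readable during the pause is the signal.
    readable, _, _ = select.select([conn], [], [], pause_seconds)
    if readable:
        early = conn.recv(4096)
        if early:
            conn.sendall(REJECT)
            return True, early
        return False, b""  # peer hung up during the pause; nothing to greet
    conn.sendall(BANNER)
    return False, b""


def run_case(pre_banner_bytes, pause_seconds=0.2):
    """Drive one constructed client over a local socket pair."""
    server, client = socket.socketpair()
    try:
        if pre_banner_bytes:
            client.sendall(pre_banner_bytes)
        verdict = greet_with_pause(server, pause_seconds)
        client.settimeout(1.0)
        return verdict, client.recv(4096)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    burst = b"EHLO bulk.example.test\r\nMAIL FROM:<a@example.test>\r\n"
    print("patient client:", run_case(b""))
    print("burst client:  ", run_case(burst))
```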


