On Jun 18, 2007, at 5:41 AM, David F. Skoll wrote:
> This is a very bad idea on a number of levels:
>
> 1) Tarpitting occupies server resources, making it easier to DoS the
> server.
>
> 2) Tarpitting is useless against an attacker with essentially infinite
> CPU and bandwidth resources --- and that's the kind of attacker a
> serious spammer is.

Agreed -- particularly if the spammer has access to botnets.

> 3) Relying on "genuine" clients to adhere strictly to RFC-defined
> timeouts is dangerous.
>
> 4) It is perfectly possible to delay the client before EHLO. That's what
> Sendmail's greet_pause feature does. However, it's *not* designed to be
> a tarpitting mechanism. Rather, it's designed to detect SMTP clients
> that send everything in one burst without waiting for the initial
> greeting (and also to detect clients that use broken proxy servers.)

adding:
5) If this were standardized or even widespread, spammers would adapt
easily (much easier than the good actors can change). It can only be
useful as a trick that a few systems use.
Lisa
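
The pre-greeting check described in point 4, as an added example that is not part of the original message and is not Sendmail's code: the server holds back its 220 banner for a short pause and flags any client that sends before it. The function names, the pause length, the host names and the reply strings are assumptions made for this sketch.

```python
import select
import socket
import threading

GREET_PAUSE = 0.3  # seconds; constructed value, short so the demo runs quickly


def greet_with_pause(conn, pause=GREET_PAUSE):
    """Delay the banner by `pause` seconds; return True if the client talked first."""
    # select() returns early if the client sends (or closes) before the banner.
    readable, _, _ = select.select([conn], [], [], pause)
    if readable:
        # Pre-greeting traffic: the client did not wait for the 220 line.
        conn.sendall(b"554 pre-greeting traffic (constructed reply)\r\n")
        return True
    conn.sendall(b"220 mx.example.test ESMTP\r\n")
    return False


def polite_client(sock):
    """Constructed client that waits for the greeting before speaking."""
    banner = sock.recv(1024)
    if banner.startswith(b"220"):
        sock.sendall(b"EHLO client.example.test\r\n")


def burst_client(sock):
    """Constructed client that sends the whole dialogue in one burst."""
    sock.sendall(b"EHLO x\r\nMAIL FROM:<a@example.test>\r\n"
                 b"RCPT TO:<b@example.test>\r\nDATA\r\n")


def run(client_fn):
    """Run one client against the check over a local socket pair (no network)."""
    server, client = socket.socketpair()
    worker = threading.Thread(target=client_fn, args=(client,))
    worker.start()
    try:
        return greet_with_pause(server)
    finally:
        worker.join()
        server.close()
        client.close()


if __name__ == "__main__":
    print("burst client flagged: ", run(burst_client))
    print("polite client flagged:", run(polite_client))
```

Every connection holds a server slot for the full pause, which is the resource cost raised in point 1; the pause is a detection signal here, not a tarpit.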