ietf
[Top] [All Lists]

Re: Why spam is a problem.

2002-08-13 12:23:08
On 13 Aug 2002, Perry E. Metzger wrote:

I currently get something like 150 to 200 spams a day. That is not a
misprint. I use tools to nuke most of it, but some still gets through
-- luckily not much.

I also get several hundred spams a day - many megabytes.

I'm slowly working on an idea (not yet clearly formed) to constipate the 
TCP stacks of those sending spam.

The core aspect of the idea is to make my TCP stack as near-dead as 
possible, without actually being dead, to incoming spam.  That will cause 
spam transfers to take orders of magnitude more time than they do today.

I want to add a new function to the API to TCP to tell it to go into a
kind of extraordinarily slow acknowledgment mode.  I'd add an additional
API function to to allow one to disconnect from a socket, but leaving the
connection open nearly indefinitely but throwing the incoming data into
/dev/null (sort of a super so_linger).  Then I want to integrate my
incoming mail handler with my spam detector and revised API so that I can
peek at incoming data and detect spam before I begin to ack the data.

For any incoming smtp connection, I'd tell the TCP stack to go into 
very-slow ack mode, thus giving my smtp engine and spam engines a chance 
to peek at the incoming stream.

If the incoming flow looks legit, then I'd instruct the TCP stack to
resume normal pacing of the stream and I'd process it with dispatch.  
Otherwise, I'd disconnect from the socket, instruct the TCP stack to let
the TCP connection linger with very slow ack pacing.

The net result of this is that a spammer who hits my machine will find 
his/her connection to me to be live - but just barely.  This will cause 
his/her TCP engine to sit on its connection resources for a very long 
time.  If the spammer hits enough machines that have this mechanism, the 
spammer's machine will end up with a significant portion of its connection 
resources occupied.

This would consume my resources as well, but my machines aren't usually 
involved in pumping tens of thousands of TCP connections, so I can afford 
the resource consumption.

Of course, a smart spammer could hack his/her TCP stack to detect my 
slow-receiving stack, but that is a job beyond the ability of most 
spammers.

                --karl--





<Prev in Thread] Current Thread [Next in Thread>