spf-discuss
[Top] [All Lists]

Re: Tarpitting and SpamCannibal (was Re: Brainstorming RFROM variants)

2004-05-22 09:11:09
On May 22, 2004, at 8:12 AM, Carl Hutzler wrote:
What if 89% of your spam comes from other ISP's main MTAs like bellnexxia, comcast, videotron, bigpond, bbtec, fuse, earthlink, etc.... Do people think these tarpitting approaches would be a good alternative (as opposed to blocking the MTAs outright)?

-Carl

PS: I do agree that you need to tarpit before the SMTP host due to connection limit and DOSing yourself. We have that same concern.

Then again, MTAs are beginning to support high SMTP concurrency (like >100,000 concurrent connections). So, the techniques are becoming more suitable for "in session" deployment. That's what we do here. The beauty of doing in-session tarpitting within the MTA is that you can make them pay a serious, but *finite* cost. If you think they are a spammer, just make them spend 60 or so seconds in every SMTP phase. Think of it like the HASHCASH proposals, just with time instead of computation.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth