>About tarpitting. It seems to me that any half technical spammer will
>use a multi threaded program that opens thousands of simultaneous SMTP
>connections. A tar pit would only stall one of those connections, using
>a few KB of RAM. Hundreds of tar pits would only slow the spammer by a
>fraction of a percent.

Basically true, but that's only one aspect of tarpitting. Since the spammer has to keep open an available port, that's one less port he can use from any given IP address (using vanilla port management) to blast out his spam. 65000 or so simultaneous injections going on via multithreading sounds like a lot, but compare that to the size of the typical data base of intended recipients of spam.

I've done some pretty mundane tarpitting via patches to qmail-smtpd, and noticed that remote port numbers for incoming connections often reach the 50000 and 60000 range. That's not necessarily due to my own tarpitting (I'm running just one tiny system), but it suggests those systems already run out of available ports at times, so tarpitting would definitely hurt *their* throughput. (Some of them are legit MTAs that unfortunately relay spam and vermin on behalf of their customers.)

As spam runs take substantially longer, spamware vendors will find their customers asking for methods to cut down the time they take, so as to reduce their exposure to TOS, law, and other forms of enforcement. Yet most any algorithm spamware uses to counteract tarpitting would likely make it easier for SMTP servers to distinguish such clients from other, including legitimate, clients.

A hundred or so systems tarpitting probably aren't enough to make a dent. But at some point the penetration can reach high enough to cause spammers to purposefully route around such systems in order to improve their productivity, just as door-to-door proselytizers quickly learn to not bother certain types of people: those who invite them in to "talk" but are already solidly committed to their *own* religion.

Since a major distinction between unsolicited bulk email (UBE) -- spam and vermin -- and legitimate email (including mailing lists) is the comparatively vast, yet untargeted, data base of recipients for which UBE is intended, it could be that any measure that artificially slows down the rate of successful deliveries within a mail run to all recipients (especially if the slowdown itself is targeted at unknown senders) will disproportionately hurt senders of UBE.

-- 
James Craig Burley
Software Craftsperson
<http://www.jcb-sc.com>
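
The exchange above turns on how many connection slots (source ports) tarpits keep occupied at once. The following is an added example, not part of the original message: a small model of a bulk sender with a fixed pool of slots, showing how deliveries completed in a fixed window fall as more recipients sit behind tarpits. All figures are constructed, and the model assumes the sender waits out each tarpit instead of timing out.

```python
import heapq

def delivered_within(window_s, slots, normal_s, tarpit_s, tarpit_every):
    """Count deliveries a bulk sender completes inside window_s seconds.

    slots        -- concurrent connections (source ports) from one IP
    normal_s     -- seconds one delivery holds a slot on an ordinary server
    tarpit_s     -- seconds a tarpitting server holds the connection open
    tarpit_every -- every Nth recipient is behind a tarpit (0 = no tarpits)
    Assumption: the sender waits out the tarpit instead of timing out.
    """
    free_at = [0] * slots            # min-heap: when each slot is next free
    delivered = 0
    recipient = 0
    while True:
        start = heapq.heappop(free_at)
        if start >= window_s:        # earliest free slot is past the window
            break
        tarpitted = tarpit_every and recipient % tarpit_every == 0
        end = start + (tarpit_s if tarpitted else normal_s)
        if end <= window_s:
            delivered += 1
        heapq.heappush(free_at, end)  # slot stays busy until the session ends
        recipient += 1
    return delivered

if __name__ == "__main__":
    # Constructed scenario: 100 slots, 1 s per normal delivery,
    # 300 s tarpit delay, 100 s observation window.
    baseline = delivered_within(100, 100, 1, 300, 0)
    for every in (0, 1_000_000, 1000, 100, 10):
        n = delivered_within(100, 100, 1, 300, every)
        label = "none" if every == 0 else f"1 in {every}"
        print(f"tarpits: {label:>14}  delivered: {n:>6}  "
              f"({100 * n / baseline:.1f}% of baseline)")
```
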
