On Thursday 25 March 2004 01:20, Guillaume Filion wrote:
> Tim Meadowcroft wrote:
> > I started off thinking that I'd suggest adding basic tar-pitting
> > (http://www.gordano.com/kb.htm?q=1112) to selected plugins[...]
>
> About tarpitting. It seems to me that any half technical spammer will
> use a multi threaded program that opens thousands of simultaneous SMTP
> connections. A tar pit would only stall one of those connections, using
> a few KB of RAM. Hundreds of tar pits would only slow the spammer by a
> fraction of a percent.

Well, first off the "half-technical" bit is doubtful ;^)

Then remember that I'm looking to stop the major source of who's joe-jobbing me, and these seem to be home cable/DSL machines infected with trojans, and so many of them are going to be low-end Win9x or similar, with little memory, a poor TCP/IP stack (yes, I did nmap quite a number of them when investigating who was joe-jobbing me - dangerous I know but I notified the abuse departments of the ISP of my actions), and crap threading, so stalling individual threads will slow those machines down - these aren't multi-CPU Solaris servers with efficient context switching and loads of RAM.

Plus, these machines may have 500kbits/sec download, but are usually limited to something like 64kbits/sec upload, so by making them send the full virus payload (a 64k MIME encoded .scr or pif file) or whatever email they're sending before denying them, you choke and waste their upload bandwidth. That's why sending them a huge amount of text in return doesn't hurt that much, but choking their upload does.

It's all about changing the economics of spam - like I said, refusing a connection early just makes life CHEAPER for the spammers - you're saving them money by rejecting their email before they've sent it; basic economic theory says that you should make rejections cost MORE than acceptance if you want to stop it.

A typical stat is that a spammer sends 1 million spams for 1 sale - if you make 10% of those rejections cost less, his profit margin goes up. Make those same 10% cost 10x as much, and you've just doubled his costs.

Cheers

--
Tim
