I am not sure if tar-pitting at a slow kbps rate will work. "If" I were a professional spammer, I would have a cluster of mail servers with aggressive timeouts. The timeouts would only allow mail to go to reasonably fast hosts. I would then use a fallback mx host to deal with all the slow mail.
For the tar-pitting to work, you would have to integrate it on a massive level. So many people (1000's) across the globe would have to setup standalone mail hosts with a capped data pipe, at say 16Kbps. Then they would have to post email addresses all over the internet to be harvested. If you go this route then, maybe it might be easier to just aggressively post invalid email addresses all over the internet. By invalid, I mean a mx record exists, but the address will result in a 550. As a result the harvesting of addresses will become a dirtier process, yielding poorer lists. All this relies on many assumptions. We assume spammers regularly harvest addresses off usenet. We also assume that they clean their list when address appears to be bad. Has anybody tested this? As an experiment, I was thinking about posting a spamtrap address, and then see how long it takes for a sizable amount of spam to come in. Then, remove the user, resulting in 550. Then monitor inbound attempts for that address and see at what rate the traffic falls off. For all we know, maybe spammers don't clean their lists, and they are already wasting resources on bad addresses. John -----Original Message----- From: Jens Benecke [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 3:13 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Re: [OT] What is next step? Chris Santerre wrote: > I block about 98% of the spam to my users. Many SA users at other > companies simply mark it and deliver. Lets say for sake of argument that > we can sustain a successful rate of tagging or blocking 90% of spam. > > What is the next step? > > We have all posted stats that prove that over 50% of email is spam. Now > that we can tag or block (to user), it doesn't stop the traffic. I still > have 50% traffic on the server as useless. What do we do? I'm serious > about this. I've had a new found passion against spammers this weekend, > and I wish to go further. (They lambasted my grandfather over the week on > his dialup. Vengeance will be mine!) There is a way, though I haven't tested it yet (if the days only had 36 hours, ... plus 24 hours night) We all know blackhole lists. Most/many people block or score based on blackhole lists. How about tying spammers' resources by not blocking, but TARPITTING anybody who is on a (confirmed?) blackhole lists like SPEWS? The point is to prevent more spam. The only way to do that is to make the spammer *believe* it can send you more spam and invest resources into the task. Not accepting spam or dropping it after receiving it will just make the spammer move to the next open SMTP or proxy. But what if mail, that comes from a spammer IP, is accepted, with 10 bytes per second? Or less? Just enough so that the spammer doesn't drop the connection. Then a single mail will take minutes instead of seconds to deliver. Maybe hours. That means during that time, some of the spammer's resources are blocked, and he cannot spam anybody else. (e.g. the spammer sends max. 100 mails at a time, now he can only send 99 mails at a time, because one task is blocked. If enough people do it ...) Ask Google for "teergrube" (German for tarpit), there are a lot of people doing this already, but not (yet) for mails. -- Jens Benecke ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
