First up, sorry if these thoughts have already been posted but since the archive isn't up and running yet I've got no way to check.
My understanding is that the purpose of tarpits is to cause spammers to use up a critical resource - namely bandwidth. However, from where I stand, they don't appear to do that. Under the proposals at http://www.martiansoftware.com/articles/spammerpain.html, the SMTP server would "throttle" spammy connections by slowing responses from the server to the client. It doesn't make clear what level the connection would be slowed at (SMTP or TCP) but even assuming TCP (which appears to be the better of the two), tarpits don't actually cause a significant increase in the bandwidth required to transmit spam.

What a tarpit does do is use up another resource - elapsed time. However, this is not a critical resource for a spammer. A spammer can easily open several simultaneous connections to the same SMTP server. If each connection is throttled 10- or 100-fold, the spammer only needs to create 10 or 100 connections to get the same throughput. Furthermore, those 10 or 100 connections don't need to be to the same server (because the email addresses in their database will cover many servers). In that way, the spammer avoids a tarpit modification which gives a total effective speed to an IP address (for example). Essentially, a spam sender may as well keep creating connections up to the point where their bandwidth has become exhausted.

So, how could we modify a tarpit to actually cause increased bandwidth use for the spammer? A tarpit operating at the TCP level could fail to respond to a percentage of the packets (as determined by message spamminess) rather than slowing its response. This would cause the spammer to have to retransmit those packets which would genuinely cause it to use more bandwidth.

However, there is a significant problem with this approach (as well as a few minor ones). The server that is receiving the spam suffers an increase in bandwidth use. History has shown time and again that companies generally won't sacrifice themselves for the common good.
For example, virtually no IP address egress filtering occurs. (If it did, IP source address spoofing would be a thing of the past.) For a company to install a tarpit it would effectively be saying "Sure, I don't mind spammers using up my bandwidth so they don't use up somebody else's".

I'd love to hear from anybody who thinks they have a (bandwidth) inexpensive way of using spammers' bandwidth but to me it seems like mission impossible.

Andrew
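
The two tarpit behaviours compared in the message above, as a small cost model for anyone evaluating a tarpit design. This is an added example, not part of Andrew's post. The message size, packet size and one-second baseline are constructed values, and TCP retransmission timers and backoff are ignored.

```python
import random
from dataclasses import dataclass

MSG_BYTES = 20_000   # constructed: one message as seen on the wire
PKT_BYTES = 1_000    # constructed: bytes per packet
BASE_SECONDS = 1.0   # constructed: untarpitted delivery time per message

@dataclass
class Cost:
    sender_bytes: int    # what the sending client transmitted
    receiver_bytes: int  # what arrived on the receiving server's link
    seconds: float       # elapsed time on one connection

def delay_tarpit(factor: float) -> Cost:
    """Throttling: same packets, acknowledged `factor` times more slowly."""
    return Cost(MSG_BYTES, MSG_BYTES, BASE_SECONDS * factor)

def drop_tarpit(drop_rate: float, rng: random.Random) -> Cost:
    """Server ignores a fraction of packets; each is resent until accepted."""
    packets = MSG_BYTES // PKT_BYTES
    sent = 0
    for _ in range(packets):
        sent += 1                          # first transmission
        while rng.random() < drop_rate:    # ignored by the server: resend
            sent += 1
    # An ignored packet has already crossed the server's link, so the
    # receiver pays for every retransmission as well.
    wire = sent * PKT_BYTES
    # Simplification: time scales with packets sent, no timer backoff.
    return Cost(wire, wire, BASE_SECONDS * sent / packets)

def messages_per_second(cost: Cost, connections: int) -> float:
    """Aggregate delivery rate over parallel connections."""
    return connections / cost.seconds

def mean_overhead(drop_rate: float, messages: int = 2000, seed: int = 1) -> float:
    """Average sender bytes per message, relative to an untarpitted send."""
    rng = random.Random(seed)
    total = sum(drop_tarpit(drop_rate, rng).sender_bytes for _ in range(messages))
    return total / (messages * MSG_BYTES)

if __name__ == "__main__":
    print(messages_per_second(delay_tarpit(10), 10))  # same rate as no tarpit
    print(round(mean_overhead(0.5), 2))               # close to 1 / (1 - 0.5)
```

In this model a delay tarpit leaves bytes per message unchanged on both sides, while a drop tarpit multiplies them by roughly 1 / (1 - drop_rate) for sender and receiver alike.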
