> Yes, I think the point was though, that if tarpit becomes common and > spammers can't use up their bandwidth anymore they may start to open more > than one connection in order to deliver. I've recently joined the list and > archives weren't available when I joined so I don't know what you original > comments may have been.
"Some [spam] is delivered directly, but most passes through open relays." -- http://www.ripe.net/ripe/wg/anti-spam/r39-minutes.html Spammers contact an open relay, send the text of the message once, put thousands of names in the Bcc: field, and then disconnect. It all happens in a few seconds. Then the open relay spends hours delivering the spam. Tarproxy isn't going to affect the spammers directly, because they only talk to open relays. If one of these open relays started running tarproxy, the spammers would just take it out of their rotation. The place to attack is the open relay. The owner of the open relay is not trying to spam people; they either don't know it's being used that way or don't care. Because of this, they're not part of the arms race -- the open relay isn't going to adapt to tarproxy. As soon as the admin realizes there is a problem and decides they have to take action, we've won. It was suggested on this list that the open relay problem has been solved by open relay blacklists, but it really hasn't, since i still get tons of spam that passes through open relays. Tarproxy can be better than these blacklists for at least two reasons: - The blacklists have to be updated reactively, which takes effort and time. There's a lag between the time an open relay starts relaying spam and the time its IP address has been circulated to the users of the blacklist. Tarproxy, on the other hand, is proactive -- it stops the open relay the very first time it goes to work. - Blacklists only help people who use them. Many ISPs and large institutions are hesistant to use a blacklist for whatever reason. They get no protection, and there are enough of them that the spammers can keep turning a profit by just spamming the huge percentage of people who don't have such protection. On the other hand, if a critical mass of tarproxy installations were reached, it would help everyone, even non-users.
