elium
Joined: 04 Dec 2006 Posts: 28
Posted: Thu Jul 12, 2007 12:16 pm Post subject: Teergrubing aka Tar Pits
I came across this on the site [url]http://www.gloomytrousers.co.uk/russ/spam_countermeasures.shtml[/url] and am curious as to whether anyone has any additional information or even, ideally, any implementation experience with such a concept.
[quote]Teergrubing (German for "tar pit") sounds like a great idea and is something I may investigate in future. The basic idea is to respond v-e-r-y--s-l-o-w-l-y to connecting mailservers, using multi-line SMTP responses with the lines sent just frequently enough to prevent the sending server from timing out and disconnecting. This consumes little bandwidth or resources on your server, but prevents the spamming server from closing the connection and sending spam to the next victim.
There are a number of variations on the theme. Some apply a delay to all servers before accepting the mail (e.g. applying a 60 second delay is unlikely to impact a legitimate server, but would cost a spammer several tens of message deliveries), some apply a variable slowdown based on various factors (e.g. how many recent connections have been made, trust level, etc.), but the one I prefer is to only apply the slowdown once you've positively identified the spammer by some other means (based on IP address, message content or whatever), and then to hold the connection open for as long as possible (up to some limit based on the confidence of your identification of the spammer) before rejecting the message.
Another variation is to install a teergrube program (e.g. this perl script) on machines that aren't used as mailservers - the idea is that no legitimate server would ever connect to these, so any connections are almost certainly from spammers who've found the server with a port scan, and can thus safely be teergrubed.[/quote]
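The variation the quoted page prefers (hold an already-identified spammer with a slow multi-line SMTP reply, then reject), as an added example that is not part of the original post or of the Perl script it mentions. The names `tarpit_plan` and `send_tarpitted_reply`, the reply text, the 20-second line interval and the 600-second cap are assumptions chosen for illustration.

```python
import asyncio

def tarpit_plan(confidence, max_hold=600.0, interval=20.0, code=554):
    """Return [(delay_seconds, line_bytes), ...] for one slow multi-line SMTP reply.

    confidence (0..1) that the peer is a spammer scales the total hold time.
    """
    confidence = min(max(confidence, 0.0), 1.0)
    steps = int(confidence * max_hold // interval)
    # "code-text" marks a continuation line, so the client keeps waiting.
    plan = [(interval, f"{code}-please hold ({i + 1}/{steps})\r\n".encode())
            for i in range(steps)]
    # "code text" (space, not hyphen) ends the reply: the actual rejection.
    plan.append((0.0, f"{code} message rejected\r\n".encode()))
    return plan

async def send_tarpitted_reply(writer, confidence, sleep=asyncio.sleep, **plan_args):
    """Drip the plan to the peer; return how many lines were delivered."""
    sent = 0
    try:
        for delay, line in tarpit_plan(confidence, **plan_args):
            await sleep(delay)
            writer.write(line)
            await writer.drain()
            sent += 1
    except ConnectionError:
        pass  # the peer hung up before the rejection
    return sent

if __name__ == "__main__":
    # Constructed sample: a low-confidence match is held for about a minute.
    for delay, line in tarpit_plan(0.1):
        print(f"wait {delay:>4.0f}s then send {line!r}")
```

`writer` is an `asyncio.StreamWriter` from whatever SMTP front end made the spam decision; the interval has to stay below the sending server's reply timeout for the hold to work.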