From: InfoSec News (alertsinfosecnews.org)
Date: Tue Apr 03 2007 - 02:20:26 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.networkworld.com/news/2007/040207-mit-spam-tarpits.html

By Cara Garretson
Network World
04/02/07

CAMBRIDGE, MASS. -- Researchers have learned that spammers are impatient
people, and theyre figuring out ways to exploit that characteristic to
block unwanted e-mail.

Two presenters at the MIT Spam Conference 2007 held here last Friday are
examining ways to significantly cut back on the amount of spam received
by tricking spammers into believing theyve been caught in an SMTP tarpit
and forcing them to disconnect before the unwanted messages have been
sent.

An SMTP tarpit is used to catch spammers by slowing down the responses
that the receiving mail server sends back to the sender who is
attempting to connect and send mail. Because spammers typically blast
out unwanted messages in bulk and have many connections to make, waiting
for slow ones can mean lost dollars and they will usually disconnect
rather than wait for responses, said Tobias Eggendorfer, a researcher
with the University of Munich in Germany.

However, this approach to catching spam would mean that anyone trying to
send e-mail to an organization using an SMTP tarpit would have an
equally slow experience, making it an untenable option for most
companies. To overcome that obstacle, Eggendorfer developed an approach
called SMTP tarpitting simulation that uses stuttering, which slows down
a mail server for the first few moments of connection, then returns to
normal speeds, he said.

Spammers are tarpit-aware; they set short time outs and start
disconnecting soon after they believe to be caught in one," Eggendorfer
said. But honest senders would continue to send.

The tarpit simulator Eggendorfer developed, which is implemented on an
SMTP proxy, cuts down spam volume by 80%. It would have to be used in
combination with other spam-catching techniques that would filter the
remaining 20%, he said.

Whats attractive about this technique is that by forcing the spammer to
drop the connection, organizations save on the bandwidth, storage and
processing power needed to implement other types of spam filtering that
require the messages to be received, Eggendorfer said.

Another presenter at the conference discussed the advantages of e-mail
connection management. Ken Simpson, CEO of MailChannels, has developed
software that works with any existing mail system and leverages
reputation and behavior information about senders to allocate connection
resources.

The theory is spammers are impatient, so if you slow them down a bit
theyll go away, Simpson said. Most spammers will give up within 10
seconds of establishing a connection.

MailChannels software relies on sender reputation information to decide
which connections to throttle back, Simpson explained. You cant throttle
everyone, so adding a good reputation component is an important part.

__________________________
Subscribe to InfoSec News
http://www.infosecnews.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]