http://www.networkworld.com/news/2007/040207-mit-spam-tarpits.html By Cara Garretson Network World 04/02/07 CAMBRIDGE, MASS. -- Researchers have learned that spammers are impatient people, and theyre figuring out ways to exploit that characteristic to block unwanted e-mail. Two presenters at the MIT Spam Conference 2007 held here last Friday are examining ways to significantly cut back on the amount of spam received by tricking spammers into believing theyve been caught in an SMTP tarpit and forcing them to disconnect before the unwanted messages have been sent. An SMTP tarpit is used to catch spammers by slowing down the responses that the receiving mail server sends back to the sender who is attempting to connect and send mail. Because spammers typically blast out unwanted messages in bulk and have many connections to make, waiting for slow ones can mean lost dollars and they will usually disconnect rather than wait for responses, said Tobias Eggendorfer, a researcher with the University of Munich in Germany. However, this approach to catching spam would mean that anyone trying to send e-mail to an organization using an SMTP tarpit would have an equally slow experience, making it an untenable option for most companies. To overcome that obstacle, Eggendorfer developed an approach called SMTP tarpitting simulation that uses stuttering, which slows down a mail server for the first few moments of connection, then returns to normal speeds, he said. Spammers are tarpit-aware; they set short time outs and start disconnecting soon after they believe to be caught in one," Eggendorfer said. But honest senders would continue to send. The tarpit simulator Eggendorfer developed, which is implemented on an SMTP proxy, cuts down spam volume by 80%. It would have to be used in combination with other spam-catching techniques that would filter the remaining 20%, he said. Whats attractive about this technique is that by forcing the spammer to drop the connection, organizations save on the bandwidth, storage and processing power needed to implement other types of spam filtering that require the messages to be received, Eggendorfer said. Another presenter at the conference discussed the advantages of e-mail connection management. Ken Simpson, CEO of MailChannels, has developed software that works with any existing mail system and leverages reputation and behavior information about senders to allocate connection resources. The theory is spammers are impatient, so if you slow them down a bit theyll go away, Simpson said. Most spammers will give up within 10 seconds of establishing a connection. MailChannels software relies on sender reputation information to decide which connections to throttle back, Simpson explained. You cant throttle everyone, so adding a good reputation component is an important part. __________________________ Subscribe to InfoSec News http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Apr 03 2007 - 00:26:51 PDT