Another design for tarpits directly controls the TCP/IP protocol
stack, holding the spammer's network socket open without allowing any
traffic over it. By reducing the TCP window size to zero, but
continuing to acknowledge packets, the spammer's process may be tied
up indefinitely. This design is more difficult to implement than the
former. Aside from anti-spam purposes, it has also been used to absorb
attacks from network worms. [5]
As of late 2005 much of the spam sent is through so-called "zombie"
systems, of which there are potentially a very large number. This
makes the actual effectiveness of tarpits questionable, as there are
so many spam sources that slowing just a few has little real effect on
the volume of spam received.
Another approach is simply an imitation MTA (open relay honeypot)
which gives the appearance of being an open mail relay. Spammers who
probe systems for open relays will find such a host and attempt to send
mail through it, wasting their time and potentially revealing
information about themselves and the source of the spam to the
honeypot's operator, who is unexpectedly alert (in contrast to the
careless or unskilled operator typically in charge of an open relay
MTA). Such a system may simply discard the spam attempts,
submit them to DNSBLs, or store them for analysis. It may be possible
to examine or analyze the intercepted spam to find information that
allows other countermeasures. (One honeypot operator was able to alert
a freemail supplier to a large number of accounts that had been
created as dropboxes for the receipt of responses to spam. Disabling
these dropbox email accounts made the entire spam run, including the
spam messages relayed through actual open relays, useless to the
spammer: he could not receive any of the responses to the spam sent by
gullible customers.) The SMTP honeypot may also selectively deliver
relay test messages to give a stronger appearance of open relay
(though care is needed here as this means the honeypot itself and the
network it is on could end up on spam blacklists). SMTP honeypots of
this sort have been suggested as a way that end-users can interfere
with spammers' activities (code: Java [6], Python [7]).
As of late 2005 open relay abuse to send spam has greatly declined,
resulting in a lowered active effectiveness of open relay honeypots.
(Passively, the honeypots or threat of same create an inducement for
spammers to not abuse open relays.) Other types of honeypot (below)
may still have great effectiveness.
Spammers also abuse open proxies, and open proxy honeypots (proxypots)
have had substantial success. Ron Guilmette reported in 2003 that he
succeeded in getting over 100 spammer accounts terminated in under 3
months, using his network (of unspecified size) of proxypots. At that
time spammers were so careless that they sent spam directly from their
servers to the abused open proxy, making determination of the identity
of the spammer's IP address trivial so that it was easy to report the
spammer to the ISP in control of that IP address and easy for that ISP
to terminate the spammer's account.
Unlike most other anti-spam techniques, tarpits and honeypots work at
the relay, proxy, or zombie (collectively, "abuse") level. They work
by targeting spammer behavior rather than targeting spam content. One
beneficial fallout from this is that these tools are not required to
have any means of distinguishing spam from non-spam. Because they
capture spam at the abuse level they are not part of any legitimate
email pathway and it can be confidently assumed that what they capture
is 100% spam or spam-related (e.g., test messages). Anti-spam measures
at (or after) the destination server level protect specific email
addresses but must include code to distinguish spam from non-spam.
Anti-spam measures at the abuse level protect whatever email addresses
are targeted by the spam directed through them; they are hence
non-specific but need no code to distinguish spam
from non-spam. The main purpose of abuse-level tools is targeting spam
and spammers themselves while the main purpose of server-level tools
is to protect specific email addresses. What abuse-level tools lose in
specificity may be more than made up by the inherent simplicity that
results from not having to be able to separate valid email from
invalid email.
In late 2005 Microsoft announced that it had converted an actual
zombie system to a zombie honeypot. One result of this was a lawsuit
by Microsoft against about 20 defendants, based on evidence collected
by the zombie honeypot.
Note that there is some terminological confusion. Some people refer to
"spamtraps" as "honeypots." In this context a "spamtrap" is an email
address created specifically to attract spam. These run at the
destination level rather than at the relay, proxy or "spam zombie"
level.
Challenge/response systems
Another method which may be used by internet service providers (or by
specialized services) to combat spam is to require unknown senders to
pass various tests before their messages are delivered. These
strategies, termed challenge/response systems or C/R, are currently
controversial among email programmers and system administrators.
Spam reduction tools
Mozilla and the stand-alone Thunderbird: e-mail programs ("clients")
with a Bayesian filter, i.e. a filter that keeps learning and is
therefore able to adapt to the constantly changing forms of spam