More on Reducing Spam

I recently posted some ideas about Reducing Spam. Since then, the gears kept turning and I’ve gotten some more ideas on how make this defensive system a little more proactive, and eventually start to slow down the spam networks. As I mentioned in my last article, the spammers are using distributed networks of computers to send the spam, so it will take distributed networks of mail servers to overcome the onslaught.

This is probably a mish mash of things you’ve read before. Let us assume that spam IP addresses are still permitted to deliver e-mail to the fake e-mail addresses and get routed to /dev/null. Why stop there? When a spam IP address connects to the mail server, the server should introduce random waits into each stage of the connection. Before responding to the spam IP, the mail server thread could go to sleep for 10-20 seconds. At every possible stage of the communication, the mail server thread should just sleep. This uses very few resources on the mail server (tying up handles), and if you’re concerned about this opening your server up to a DoS attack, that should be easy enough to prevent. Just keep a counter of how many spam IPs are attaching, and start dropping spam connections when a threshold is exceded.

An individual mail server will not make much of a dent in a spam bot network with this approach, but once hundreds, or thousands of mail servers start to implement this type of reverse DoS defense, the spam bots will start to slow down. Slowing down the bots may be just what we need to reclaim some of our lost bandwidth.

With spammers now sending image files to fool spam filters, the Internet is getting as congested as ever, and we are all paying for the bandwidth. It’s time to start thinking more about ways to throttle spam.

Posted by