Skip to main content

Ralsina.Me — Roberto Alsina's website

Tarpitting works. Here's proof.

I have re­cent­ly en­abled tarpit­ting in one of my cus­tomer's mail server­s.

Tarpit­ting is adding a small de­lay af­ter each re­cip­i­ent (after a cer­tain num­ber of them). The idea is that a mes­sage with a few re­cip­i­ents goes fast, a mes­sage with many goes slow.

So, it should make spam­mers less ef­fi­cien­t.

Some mail ad­min­is­tra­tors say tarpit­ting does­n't work. That spam­mer­s, in­stead of send­ing a zil­lion mails over one con­nec­tion, send a few over each of a zil­lion con­nec­tion­s.

But a zil­lion con­nec­tions are more ex­pen­sive for the spam­mer! Or at least slow­er.

Well, I have proof that it does work. Sure, some­thing like a per-ip lim­it on con­cur­rent SMTP con­nec­tions is a good com­ple­men­t, but even naïve tarpit­ting, all by it­self, has a good ef­fec­t.

Since I en­abled it, peak mes­sage rate is down 60%, av­er­age is down 40%. Pret­ty good!

But a pic­ture is worth 1000 word­s...