Friday, September 22, 2006

Slow Spam

Most people have big problems with the amount of spam that arrives in their Inbox daily. Some have anti-spam software loaded on their PC, others have spam filtering on their own mail servers. While spam filtering software is getting better, no single solution filters 100% of spam.

This site hopes to provide another tool in the fight against the problem of spam, and the spammers that send it.

OK, so let's get a little technical... most internet domains have DNS entries known as MX records. These records tell sending mail servers where to deliver email for that domain. A domain typically has a couple of MX records: a primary, where email is normally delivered, and a backup that is used only if the primary is unreachable. Each MX record carries a preference value (usually just called its priority)... this is a number, and the server with the lowest number is the primary. Servers with higher numbers are normally tried only if the primary is not working.

Most mail servers have the ability to provide some level of filtering for spam. But in a multi-server environment it's quite common for the primary to have spam filtering but the backups to have none. This is typically the scenario if you run your own mail server complete with filtering, but rely on your ISP as a backup.

Knowing this, spammers exploit the fact that the low-priority mail servers have no filtering by sending mail directly to them. Spammers use custom software that ignores the normal rule of trying the lowest-numbered (highest-priority) server first, and instead goes straight for the highest-numbered (lowest-priority) one. This software ranges from modified copies of common MTAs (mail transfer agents) to custom-written "spambots" running on compromised machines on the internet.

So, what can you do about this? Well, we can start playing them at their own game. The SlowSpam.com website is dedicated to finding ways to slow down, and block spam on the internet. Today we're launching our first tool, an SMTP Tar Pit.

The idea behind the SMTP Tar Pit is to trap rogue mail servers and prevent them from delivering spam, keeping them busy for as long as possible and so delaying the next message they send.

To deploy the SMTP Tar Pit you need to be able to modify your domain's DNS records... if you don't know how to do this, find someone to help you. Add an MX record with the lowest priority of all your MX records (that is, a number strictly higher than any of your real servers, since a tie would make well-behaved MTAs pick the tar pit at random) and point it at sink.filesys.net. This address is a publicly available instance of the SMTP Tar Pit.

So, for example, your DNS MX records may look like:

MX 10 myprimary.com
MX 20 mysecondary.com
MX 90 sink.filesys.net


A genuine email only reaches the TarPit if a well-behaved sending MTA has already failed to deliver to every higher-priority server. When that happens, the sending MTA times out, requeues the message and retries the other mail servers later, so legitimate mail is delayed rather than lost.
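The ordering rule described above, and the check you would want before publishing the tar pit record, as an added example (Python, not the SlowSpam software, which is written in Java). The hostnames are the post's own example; the DNS answer text is constructed to look like the answer section `dig +noall +answer MX example.com` would print, and the tie-breaking and placement rules follow RFC 5321's MX ordering.

```python
"""Order MX records as a compliant MTA does and as the spambot described in the
post does, and check where a tar-pit host sits among them.
Added example; not code from the SlowSpam project. DNS text below is constructed."""
import random
from dataclasses import dataclass

# Constructed answer section in dig's format (not a real DNS lookup).
CONSTRUCTED_MX_ANSWER = """\
example.com.    3600    IN    MX    10 myprimary.com.
example.com.    3600    IN    MX    20 mysecondary.com.
example.com.    3600    IN    MX    90 sink.filesys.net.
"""


@dataclass(frozen=True)
class MX:
    preference: int   # lower number = higher priority (RFC 5321 section 5.1)
    host: str


def parse_mx(answer_text):
    """Parse 'owner ttl IN MX pref host.' lines; ignore anything else."""
    records = []
    for line in answer_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[3].upper() != "MX":
            continue
        records.append(MX(int(fields[4]), fields[5].rstrip(".").lower()))
    return records


def compliant_order(records, rng=None):
    """Delivery order a well-behaved MTA uses: ascending preference, with hosts
    that share a preference tried in random order (sorted() is stable, so a
    shuffle first gives exactly that)."""
    rng = rng or random.Random(0)
    shuffled = list(records)
    rng.shuffle(shuffled)
    return [r.host for r in sorted(shuffled, key=lambda r: r.preference)]


def spambot_order(records):
    """What the post describes: go straight for the least-preferred host,
    assuming it is an unfiltered backup."""
    return [r.host for r in sorted(records, key=lambda r: r.preference, reverse=True)]


def check_tarpit_placement(records, tarpit_host):
    """Return a list of problems with the tar pit's place in the MX set
    (empty list means only a rogue sender would reach it)."""
    tarpit_host = tarpit_host.lower()
    tarpit = [r for r in records if r.host == tarpit_host]
    if not tarpit:
        return ["no MX record points at %s" % tarpit_host]
    pref = tarpit[0].preference
    others = [r for r in records if r.host != tarpit_host]
    problems = []
    if not others:
        problems.append("tar pit is the only MX: all mail would be trapped")
    if any(r.preference == pref for r in others):
        problems.append("a real server shares the tar pit's preference value: "
                        "compliant MTAs would pick the tar pit at random")
    if any(r.preference > pref for r in others):
        problems.append("a real server has a higher number than the tar pit: "
                        "compliant MTAs would try the tar pit before it")
    return problems


if __name__ == "__main__":
    recs = parse_mx(CONSTRUCTED_MX_ANSWER)
    print("compliant MTA tries:", compliant_order(recs))
    print("spambot tries:      ", spambot_order(recs))
    print("placement problems: ", check_tarpit_placement(recs, "sink.filesys.net"))
```

Run it against the real answer section of `dig +noall +answer MX yourdomain` once the record is published; an empty problem list is what you want.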

If you wish to run your own SMTP Tar Pit, you can download our software from http://filesys.net/slowspam/. The software is written in Java, so should run on most platforms... and the source is included if you want to examine what it's doing, or customize it for your own needs. It's released under the GPL, so please give back any changes you make to the community.

Worried about your email being disclosed to the TarPit? It's certainly possible to write a TarPit that stores any email sent to it... but this one stores nothing and never actually sees the email. The most we see from the remote MTA (the sender) is its "HELO" greeting... we then keep the sender busy so it never gets as far as transmitting the message. This design lets the TarPit use minimal network bandwidth and avoids any privacy concerns, as we never receive any details about the emails.

The only things we log are the IP address of the remote MTA and the times it connected and disconnected. That's it.
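The behaviour described in the two paragraphs above (see the HELO, never accept the message, drip replies out slowly, log only IP and connect/disconnect times) as an added example in Python. This is not the SlowSpam Java code; the byte delay, idle timeout, listening port and the `tarpit.invalid` hostname in the banner are assumptions for illustration.

```python
"""Minimal SMTP tar pit following the design described in the post.
Added example, not the SlowSpam project's code. Timing values are assumptions."""
import socketserver
import time
from datetime import datetime, timezone

BYTE_DELAY = 5.0               # seconds between bytes of each reply (assumed tuning value)
LISTEN = ("0.0.0.0", 2525)     # assumed port: 25 needs privileges, 2525 is fine for testing
IDLE_TIMEOUT = 600             # drop a client that sends nothing for 10 minutes (assumed)


class TarpitPolicy:
    """Protocol decisions, kept separate from the socket code so they can be tested.
    reply() returns (reply line, keep connection open)."""

    def __init__(self):
        self.helo = None   # held in memory for this session only, never logged

    def reply(self, line):
        parts = line.strip().split(None, 1)
        verb = parts[0].upper() if parts else ""
        if verb in ("HELO", "EHLO"):
            self.helo = parts[1] if len(parts) > 1 else ""
            return "250 tarpit.invalid", True
        if verb == "QUIT":
            return "221 2.0.0 Bye", False
        if verb in ("MAIL", "RCPT", "DATA"):
            # Temporary failure: the envelope is never accepted, so the sender never
            # reaches the point of transmitting message content.
            return "451 4.7.1 Try again later", True
        if verb in ("NOOP", "RSET"):
            return "250 2.0.0 OK", True
        return "502 5.5.2 Command not implemented", True


def log_entry(ip, connected, disconnected):
    """The only record kept: peer IP, connect time, disconnect time (epoch seconds)."""
    def fmt(t):
        return datetime.fromtimestamp(t, timezone.utc).isoformat()
    return "%s connected=%s disconnected=%s held=%ds" % (
        ip, fmt(connected), fmt(disconnected), round(disconnected - connected))


class TarpitHandler(socketserver.StreamRequestHandler):
    timeout = IDLE_TIMEOUT

    def _send_slowly(self, text):
        # Drip the reply out one byte at a time; the client must wait for the full line.
        for byte in (text + "\r\n").encode("ascii"):
            self.wfile.write(bytes([byte]))
            self.wfile.flush()
            time.sleep(BYTE_DELAY)

    def handle(self):
        ip, connected = self.client_address[0], time.time()
        policy = TarpitPolicy()
        try:
            self._send_slowly("220 tarpit.invalid ESMTP")
            while True:
                line = self.rfile.readline()
                if not line:
                    break
                reply, keep = policy.reply(line.decode("ascii", "replace"))
                self._send_slowly(reply)
                if not keep:
                    break
        except OSError:      # covers socket.timeout and connections reset by the peer
            pass
        finally:
            print(log_entry(ip, connected, time.time()))


if __name__ == "__main__":
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(LISTEN, TarpitHandler) as server:
        server.serve_forever()
```

Run it and connect with `telnet 127.0.0.1 2525` to watch the greeting arrive one character at a time. The point of the 451 replies is that MAIL FROM is never acknowledged with 250, so a sender can never reach DATA and the tar pit never has message content to store or leak; how long a rogue sender stays trapped depends on its own timeouts, which is what the byte delay is tuned against.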

We need help in the effort to defeat spammers, and encourage others to run public SMTP Tar Pits - drop us an email, we'll build up a list and post it here.
