On 13 Aug 2002, Perry E. Metzger wrote: > I currently get something like 150 to 200 spams a day. That is not a > misprint. I use tools to nuke most of it, but some still gets through > -- luckily not much. I also get several hundred spams a day - many megabytes. I'm slowly working on an idea (not yet clearly formed) to constipate the TCP stacks of those sending spam. The core aspect of the idea is to make my TCP stack as near-dead as possible, without actually being dead, to incoming spam. That will cause spam transfers to take orders of magnitude more time than they do today. I want to add a new function to the API to TCP to tell it to go into a kind of extraordinarily slow acknowledgment mode. I'd add an additional API function to to allow one to disconnect from a socket, but leaving the connection open nearly indefinitely but throwing the incoming data into /dev/null (sort of a super so_linger). Then I want to integrate my incoming mail handler with my spam detector and revised API so that I can peek at incoming data and detect spam before I begin to ack the data. For any incoming smtp connection, I'd tell the TCP stack to go into very-slow ack mode, thus giving my smtp engine and spam engines a chance to peek at the incoming stream. If the incoming flow looks legit, then I'd instruct the TCP stack to resume normal pacing of the stream and I'd process it with dispatch. Otherwise, I'd disconnect from the socket, instruct the TCP stack to let the TCP connection linger with very slow ack pacing. The net result of this is that a spammer who hits my machine will find his/her connection to me to be live - but just barely. This will cause his/her TCP engine to sit on its connection resources for a very long time. If the spammer hits enough machines that have this mechanism, the spammer's machine will end up with a significant portion of its connection resources occupied. This would consume my resources as well, but my machines aren't usually involved in pumping tens of thousands of TCP connections, so I can afford the resource consumption. Of course, a smart spammer could hack his/her TCP stack to detect my slow-receiving stack, but that is a job beyond the ability of most spammers. --karl--