Jump to content

SpamCop Glossary Archive


Wazoo

Recommended Posts

I was in a hurry so didn't have time to make things change. I offered to edit the devnull entry. If you notice, my quote box does not say the same thing as Jeff's. As dbiel pointed out, I simply changed the attribute, hoping that people would see the entire post as 'another' suggested replacement.

Miss Betsy

Link to comment
Share on other sites

  • Replies 180
  • Created
  • Last Reply

Updated replacement:

merges the original post with both that of Jeff G. and Miss Betsy.

Any additional comments before making the swap?

<a name="devnulling"></a>/dev/null'ing

Sending something nowhere. SpamCop's parser discards messages by sending them to user#domain[at]devnull.spamcop.net (this is a pseudo-Report because it doesn't go anywhere, but it does get recorded in the statistics and can help keep an SCBL listing alive). Reasons for discarding reports include bouncing of previous Reports that were sent to user[at]domain, as well as SpamCop Deputy and SpamCop Admin intervention due to listwashing, ROKSO listing, obviously ignoring reports, passing reports to inappropriate places, etc.

The derivation of this term is the Unix Null Device /dev/null. Other terms for the same concept include vaporization, deletion, and sending something to a data sink, <a href="#Bitbucket">Bit Bucket</a>, DOS's NUL:, trash can, or round file.

For more info, please see Steps taken by the parser and Ellen's description of why Reports are turned off.

Link to comment
Share on other sites

The following have been merged into master glossary and all development posts merged into SpamCop Glossary Archive, Historical record of changes and posts:

Honeypot

Also posts related to the accidental truncation of the glossary have been relocated to the following new topic There IS a limit to the size of a post!, Using "Check post length" will help avoid losing data in the How to Use...>SpamCop Forum subforum or moved to the glossary archives as appropriate.

Link to comment
Share on other sites

New suggested entry:

<a name="tarpitting"></a>Tarpitting

Adding a delay in an SMTP conversation between mail servers in order to thwart spammers. A mail server can be set up to insert delays between messages when a single e-mail has a large number of recipients. It could send "X" number of messages without adding any delay, then start inserting a delay of 'X" seconds between additonal messages. For example, if a five-second delay were added to a million messages, it would take 60 days to release them from the mail server. The term comes from "tar pit." If you fell into one, you would be slowed down.

See TechEncyclopedia source of the above edited entry.

See Tarpit (computing) (link to Wikipedia) for additional references.

Edit 12-17-05 to incorporate comments by Jeff G.

Link to comment
Share on other sites

Tarpitting

Adding a delay between e-mail messages in order to thwart spammers.

38007[/snapback]

Is that only between messages in the same SMTP conversation, or can it also be between "RCPT TO:" recipients? Thanks!
Link to comment
Share on other sites

Is that only between messages in the same SMTP conversation, or can it also be between "RCPT TO:" recipients?  Thanks!

38018[/snapback]

Sorry, but you probably know better than I do. The definition post was a direct quote from TechEncyclopedia

The following is a quote from Wikipedia, the free encyclopedia.

Tarpit (computing)

Developed as a defense against a Computer worm tarpits are services on a computer system (usually a server) that delay incoming connections for as long as possible. The idea is that network abuses such as spamming or broad scanning are less effective if they take too long. The name is analogous with a tar pit, in which animals can get bogged down and slowly sink under the surface.

SMTP tarpits

Various methods have been discussed and implemented for SMTP tarpits, systems that plug into the MTA (Mail Transfer Agent, i.e. the mail server software) or sit in front of it as a proxy. One method increases transfer time for all mails by a few seconds by delaying the initial greeting message. The idea is that it will not matter if a legitimate mail takes a little longer to deliver, but due to the high volume, it will make a difference for spammers. The downside of this is that mailing lists and other legitimate mass-mailings will have to be explicitly whitelisted or they will suffer, too.

Another method is to delay only known spammers, e.g. by using a blacklist (see Spamming, RBL). OpenBSD has recently integrated this method into their core system, with a special-purpose daemon (spamd) and functionality in the firewall (pf) to redirect known spammers to this tarpit.

A more subtle idea is greylisting, which, in simple terms, rejects the first connection attempt from any previously-unseen IP address. The assumption is that most spammers make only one connection attempt (or a few attempts over a short period of time) to send each message, whereas legitimate mail delivery systems will keep retrying over a longer period. After they retry, they will eventually be allowed in without any further impediments.

Finally, a more elaborate method tries to glue tarpits and filtering software together, by filtering e-mail in realtime, while it is being transmitted, and adding delays to the communication in response to the filters "spam likeliness" indicator.

For example, the spam filter would make a "guess" after each line or after every x bytes received as to how likely this message is going to be spam. The more likely this is, the more the MTA will delay the transmission.

IP-level tarpits

Tom Liston (http://labrea.sourceforge.net/labrea-info.html) developed the original tarpitting program "LaBrea". It can protect an entire network with a tarpit run from a single machine. The machine listens for ARP requests that go unanswered (indicating unused addresses), then replies to those requests, receives the initial SYN packet of the scanner and sends a SYN/ACK in response. It does not open a socket or prepare a connection, in fact it can forget all about the connection after sending the SYN/ACK.

However, the remote site sends its ACK (which gets ignored) and believes the 3-way-handshake to be complete. Then it starts to send data, which never reaches a destination. The connection will time out after a while, but since the system believes it is dealing with a live, i.e. established connection, it is conservative in timing it out and will instead try to retransmit, back-off, retransmit, etc. for quite a while.

Later versions of LaBrea also added functionality to reply to the incoming data, again using raw IP packets and no sockets or other resources of the tarpit server, with bogus packets that request that the sending site "slow down". This will keep the connection established and waste even more time of the scanner.

Note: original post has been edited to include references to both sources.

Link to comment
Share on other sites

New suggested entry:

<a name="tarpitting"></a>Tarpitting

Adding a delay in an SMTP conversation between mail servers in order to thwart spammers. A mail server can be set up to insert delays between messages when a single e-mail has a large number of recipients. It could send "X" number of messages without adding any delay, then start inserting a delay of 'X" seconds between additonal messages. For example, if a five-second delay were added to a million messages, it would take 60 days to release them from the mail server. The term comes from "tar pit." If you fell into one, you would be slowed down.

See TechEncyclopedia source of the above edited entry.

See Tarpit (computing) (link to Wikipedia) for additional references.

Edit 12-17-05 to incorporate comments by Jeff G.

38007[/snapback]

Edited post indicated above.
Link to comment
Share on other sites

That substance works for me, but I'm not enthusiastic about putting new material in quotes as if it's old.

38057[/snapback]

I was not sure how to best handle it and I do not think you actually understand what I actually did. So I will try to explain and if you have a better way please let me know.

I edited my post, but since edited posts do not see the light of day (ie view new posts) used by most viewers, I then did a reply to my edited post creating a new quote bringing the changes back into view. So the quote itself is not actually edited but is a clean quote of the previous edited post. I hope that I am making some sense, as I think I am starting to confuse myself now so I will stop writing.

Link to comment
Share on other sites

No, I didn't understand.  Thanks for explaining.

38066[/snapback]

Your welcome. Do you have a better way of doing it? I am definitely open to suggestions.

The key points are:

1) Maintain a current base entry that is linked to the glossary that includes all current edits in a form that is readable as a complete single entry.

2) Bring the topic back into the "view new post" category.

Link to comment
Share on other sites

Do you have a better way of doing it?

38073[/snapback]

The method I have used in the past for Glossary Entries (which are meant to be eventually copied into the Glossary) is to just post a replacement version / new edit as a Reply to the original, and mark it as such. I consider that to be a little better than what you did.

By way of contrast, I have edited FAQ Entries (which are meant to remain as Topics) in place.

Also, I don't doubt that I've made some mistakes in my long posting history. :)

Link to comment
Share on other sites

The method I have used in the past for Glossary Entries (which are meant to be eventually copied into the Glossary) is to just post a replacement version / new edit as a Reply to the original, and mark it as such.  I consider that to be a little better than what you did.

By way of contrast, I have edited FAQ Entries (which are meant to remain as Topics) in place.

Also, I don't doubt that I've made some mistakes in my long posting history. :)

38078[/snapback]

Thank you.

It is a bit more difficult for me to do it that way, but it can be done.

Note: the entry has actually been added to the glossary but the text resides outside the glossary, so it requires editing the previous entry to remove the html tag or simply turning off html functionablity so that the reference is to the revised text.

Link to comment
Share on other sites

Mung also sometimes stands for Multipurpose Unilateral Nonsense Generator, which is a program that will take web pages and run algorithms on them to make them read as if said in a dialectical manner.

(extracted from http://en.wikipedia.org/wiki/Mung)

29916[/snapback]

You (or someone) accidentally included a right parenthesis in the link, causing it to fail.

Link to comment
Share on other sites

You (or someone) accidentally included a right parenthesis in the link, causing it to fail.

38170[/snapback]

Thanks for bringing this to our attention. I have fixed it.

Just for the record the link worked fine in IE so I failed to notice the problem.

Thanks again for the input.

Link to comment
Share on other sites

Thanks for bringing this to our attention. I have fixed it. ...

38174[/snapback]

We don't have an article called "Mung)"
Not yet, you haven't :) Okay, not needed to fix the quoted instance(s) as well, my sense of order out of control again.
Link to comment
Share on other sites

New suggested entry:

<a name="tarpitting"></a>Tarpitting

Adding a delay in an SMTP conversation between mail servers in order to thwart spammers. A mail server can be set up to insert delays between messages when a single e-mail has a large number of recipients. It could send "X" number of messages without adding any delay, then start inserting a delay of 'X" seconds between additonal messages. For example, if a five-second delay were added to a million messages, it would take 60 days to release them from the mail server. The term comes from "tar pit." If you fell into one, you would be slowed down.

See TechEncyclopedia source of the above edited entry.

See Tarpit (computing) (link to Wikipedia) for additional references.

Edit 12-17-05 to incorporate comments by Jeff G.

The above entry is ready for insertion into the glossary. Any final comments?
Link to comment
Share on other sites

Thanks for bringing this to our attention. I have fixed it.

Just for the record the link worked fine in IE so I failed to notice the problem.

Thanks again for the input.

38174[/snapback]

Stupid IE. I consider

QUOTE

We don't have an article called "Mung)"

a failure - even though you got somewhere, it wasn't where you wanted. Thanks for the fix.

Link to comment
Share on other sites

Stupid IE. I consider

38210[/snapback]

Your are right there. But I am stuck with it. At work I have a choice between IE and Netscape 4.0 (if you can believe that) Talk about being out of date!!!!!
Link to comment
Share on other sites

  • 3 months later...

The following entry was copied from one created by SteveT elsewhere

SpamvertizedURL

A URL embedded as an HTML hyperlink (also known as an HTML anchor tag) within spam which navigates to a web page that contains advertizing content.

Edit: Please see following posts for more information.

Link to comment
Share on other sites

The catch is that an "HTML Anchor tag" is something much more specific ... a certain construct of a URL that drops one at the 'matching' spot "on a web page" ... as compared to being simply dropped at the web-page ....

Technically, the spamvertised site doesn't have to be HTML encoded either .... HTML allows the use of the "trick" of displaying one URI but actually linking to a different location all together ...'Defeated' by the handling of e-mail as Plain-Text ..

Then we should probably also go into the Innocent / scum link differences. (or at least reference back to the Innocent Bystander link?)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...