Developing High Performance Asynchronous IO Applications
Subject:   Not new or revolutionary
Date:   2006-10-13 07:13:17
From:   c0desl1nger
This idea is neither new nor revolutionary. The Symantec SMS 8160 does this now and the technology comes from their acquisition of TurnTide, which was doing this from the beginning of 2004. Prior to that it, was called SpamSquelcher which launched in late 2002.
Full Threads Newest First

Showing messages 1 through 3 of 3.

  • Not new or revolutionary
    2006-10-14 19:57:13  msergeant1 [View]

    You're right that Turntide does something fairly similar, but there's a big difference with the turntide and that's the amount of information you get back from it. When connections time out from an MTA based solution you not only know about it, you know at what stage they timed out, and what stage they timed out at.

    This probably seems really unimportant to most people, but to anyone working on these kinds of solutions it is fairly vital information.
    • Yes, new and revolutionary
      2006-10-16 10:44:03  kensimpson [View]

      [shillery alert, I'm the CEO of MailChannels] - It should be noted that Matt Sergeant works for MessageLabs, who use many TurnTide devices in their network, so his comments here are well founded in personal experience. And it should be noted that MessageLabs is a kick-ass company that does a fantastic job at fighting spam.

      The main difference between TurnTide and our approach is that TurnTide traffic shapes at the network layer -- much like a firewall does. The TurnTide approach worked very well to punish high volume senders a few years ago, by forcing down their window size and backing up packets within their own infrastructure.

      Today, however, most spam is sent by zombies, the owners of which could care less what's going on at the TCP layer -- since it's not their network that is being abused by high packets per second. What they _do_ care about is getting their messages dropped into the queue quickly so that they can move on. So what's important today is to 1) identify the zombies at zero-hour and 2) hold their SMTP connections open for as long as possible.

      MailChannels Traffic Control is a hybrid of a traffic shaper and a proxy, with some nifty connection pooling features that help to reduce concurrency to the mail server. We believe this design is better suited to today's spamming reality where zombies are prevalent, rather than high volume senders, and high concurrency is the enemy, rather than high traffic volume.

      Our directly in-field experience shows that spammers abort their connections within ten seconds, rather than hanging on -- because the economic proposition of spamming is predicated on fast delivery to the queue.
      • Yes, new and revolutionary
        2006-10-24 12:36:50  c0desl1nger [View]

        [more shillery, I was a very early employee at TurnTide]

        The TurnTide/SMS8160 is more than capable of handling zombies effectively. High concurrency has always been the enemy and the SMS8160 has always done both bandwidth _and_ connection shaping on ingress traffic. Since day one, way back in 2002, when it was called SpamSquelcher.

        While Matt's points are salient, MailChannels' solution is in no way new or revolutionary, believe me. I've been doing this longer than anyone. I'm not knocking the solution, as I have no experience with MailChannels' software, just the characterization that its somehow groundbreaking.