[H-GEN] Software for sending bulk-email (need to throughput-test anti-spam filter)

Christopher Biggs listjunkie at pobox.com
Tue Feb 10 20:06:21 EST 2004


Mark Suter <suter at zwitterion.humbug.org.au> moved upon the face of the 'Net and spake thusly:

> Let me tell you of an evil spammer trick that gets around this
> pesky design feature of TCP.
>
>     One thread sends out SYN packets to the victim mailservers.
>     The "custom TCP stack" (just low-level libnet stuff) doesn't
>     keep any record of the packets.
>
>     One thread responds to any SYN-ACK packets with an ACK-FIN
>     packet containing the entire spam.  Again, no records...

Wow, Satanic Mail Transfer Protocol!   The spam arms race has escalated.

Hmmn, has anybody got data on the prevalence of this method in the wild?

I am thinking that $STATEFUL_PACKET_FILTER_OF_CHOICE ought to be able to
defeat this scheme, since any /legal/ SMTP session requires at least one
TCP turn-around (for EHLO) even if E-SMTP pipelining is thereafter used,
and therefore a proper SMTP exchange cannot be concluded in two packets.

--cjb
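
The stateful check suggested above, as an added example (not code from the original post or from any particular packet filter): it keeps per-flow state over constructed packet summaries and rejects a flow whose client sends payload before the server banner, or sends payload with FIN set before the server has answered any client data. The tuple format, flow ids and verdict strings are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed packet summaries: (flow id, direction, TCP flags, payload bytes).
# "c2s" is client to mail server, "s2c" is mail server to client.
SAMPLE_PACKETS = [
    # Flow A: ordinary ESMTP session with pipelining after EHLO.
    ("A", "c2s", {"SYN"}, 0),
    ("A", "s2c", {"SYN", "ACK"}, 0),
    ("A", "c2s", {"ACK"}, 0),
    ("A", "s2c", {"ACK", "PSH"}, 40),    # 220 banner
    ("A", "c2s", {"ACK", "PSH"}, 18),    # EHLO
    ("A", "s2c", {"ACK", "PSH"}, 90),    # 250 reply: the turn-around
    ("A", "c2s", {"ACK", "PSH"}, 900),   # pipelined commands
    ("A", "c2s", {"ACK", "FIN"}, 0),
    # Flow B: whole message rides on the segment answering the SYN-ACK.
    ("B", "c2s", {"SYN"}, 0),
    ("B", "s2c", {"SYN", "ACK"}, 0),
    ("B", "c2s", {"ACK", "FIN"}, 1200),
    # Flow C: waits for the banner, then sends everything with FIN set.
    ("C", "c2s", {"SYN"}, 0),
    ("C", "s2c", {"SYN", "ACK"}, 0),
    ("C", "c2s", {"ACK"}, 0),
    ("C", "s2c", {"ACK", "PSH"}, 40),
    ("C", "c2s", {"ACK", "FIN", "PSH"}, 1200),
]

def check_flows(packets):
    """Return {flow id: verdict} using per-flow state only."""
    flows = defaultdict(lambda: {"server_spoke": False, "client_spoke": False,
                                 "turnaround": False, "verdict": "ok"})
    for flow, direction, flags, length in packets:
        s = flows[flow]
        if s["verdict"] != "ok" or length == 0:
            continue  # already rejected, or a bare control segment
        if direction == "s2c":
            # Server payload after client payload is a completed turn-around.
            s["turnaround"] = s["turnaround"] or s["client_spoke"]
            s["server_spoke"] = True
        elif not s["server_spoke"]:
            s["verdict"] = "drop: client data before server banner"
        elif "FIN" in flags and not s["turnaround"]:
            s["verdict"] = "drop: data+FIN before any server reply"
        else:
            s["client_spoke"] = True
    return {flow: s["verdict"] for flow, s in flows.items()}

if __name__ == "__main__":
    for flow, verdict in check_flows(SAMPLE_PACKETS).items():
        print(flow, verdict)
```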




