Tarpitting is the process of intentionally delaying the sending of mass emails to avoid getting tagged as a spammer. In it, system administrators can configure a specific mail server to insert a pause in-between sending emails with huge recipient numbers. But while tarpitting can benefit legitimate companies that want to stay protected from spamming, cybercriminals can also abuse it to bypass security measures. They can delay spam mail sending time so these would not be considered spam.

The term “tarpitting” came from the concept of a “tar pit.” Falling into one would significantly slow you down.

Other interesting terms…

Read More about “Tarpitting”

How Does Tarpitting Work?

Tarpitting can be implemented in several ways. We listed some of them below.

Delaying Authentication Procedures

Network administrators can delay authentication by setting up passwords. When users provide an invalid password, the response time will increase. That can demotivate spammers since they need to spend more time breaking the authentication system by trying out a host of passwords.

Increasing Transfer Time

Tarpitting can also be done by increasing email transfer time by a few seconds. The delay may seem nothing out of the ordinary for users, but spammers are greatly affected because they usually process high email volumes per second.

Delaying Identified Spammers

Several email systems can detect known spammers. Given information, these will only delay emails from identified spammers but not legitimate users.

Greylisting Users

Another effective tarpitting method is greylisting. In it, systems will deny all connection requests from new or unidentified Internet Protocol (IP) addresses. The idea is that all legitimate users will try connecting again, but spammers will not, as they usually only carry out one attempt to connect.

Most spamming systems are developed to send out emails at the fastest time possible. As such, delays can prevent sending bulk messages.

Can Tarpitting Affect Legitimate Users?

Most email systems enable tarpitting to improve security. It has, however, also become frustrating for non-spammers who send legitimate emails in bulk. As a sender, the goal is to keep a clean distribution list and ensure the prompt delivery of emails, which makes tarpittting a hurdle.

In some cases, legitimate users can receive nondelivery reports (NDRs) or get bounced. That may translate to high bounce rates and thus low sender scores. Thankfully, they can use an email validation tool that initiates sessions with recipients’ mail exchange (MX) servers (i.e., the servers that allow message sending and receiving). Such a device can determine which servers have active tar pits and adjust sending time to include an anti-tar pit time.

How Do You Enable and Disable Tarpitting?

To set up tarpitting, users of Windows Server 2003 and Exchange can follow these steps:

  • Download and install these packages:

These should run automatically with Windows Exchange. For Windows Server 2003, you should have Internet Information Services 6.0.

  • Create the following registry key:

HKLM\System\CurrentControlSet\Services\SmtpSvc\Parameters\TarpitTime (DWORD)

  • Set the key value to your desired number of seconds for the server to send a tar pit error response. You need to stop then start the Simple Mail Transfer Protocol (SMTP) service for the change to take place.

The tarpitting setup process can be very technical, as you may have noticed. So as not to disrupt operations or corrupt network functionality, make sure your network administrator handles it.

So, what is tarpitting? It is merely a technique developed to protect against spamming. The main idea is to curb threats, such as dictionary harvest or user account attacks. In dictionary harvest attacks, attackers try to compile a list of valid email addresses from your organization for later use. In user account attacks, meanwhile, threat actors repeatedly attempt to authenticate connections via username and password combination guessing to bypass security measures.