The technique was developed as a defense against a computer worm, and the idea is that network abuses such as spamming or broad scanning are less effective, and therefore less attractive, if they take too long.
[citation needed] One of the possible avenues that were considered to battle bulk-spam at one time, was to mandate a small fee for every submitted mail.
By introducing such artificial cost, with negligible impact on legitimate use as long as the fee is small enough, automated mass-scale spam would instantly become unattractive.
Tarpitting could be seen as a similar (but technically much less complex) approach, where the cost for the spammer would be measured in terms of time and efficiency rather than money.
[citation needed] Authentication procedures increase response times as users attempt invalid passwords.
The idea is that it will not matter if a legitimate mail takes a little longer to deliver, but due to the high volume, it will make a difference for spammers.
[citation needed] A more subtle idea is greylisting, which, in simple terms, rejects the first connection attempt from any previously unseen IP address.
[citation needed] SMTP consists of requests, which are mostly four-letter words such as MAIL, and replies, which are (minimally) three-digit numbers.
[citation needed] The Linux kernel can now be patched to allow tarpitting of incoming connections instead of the more usual dropping of packets.
A daemon exploiting Linux libipq can then check the remote address of incoming SMTP connections against that database.
SpamCannibal is a GPL software designed around this idea;[4] Stockade is a similar project implemented using FreeBSD ipfirewall.
In practice, given current average computer botnet size, a more reasonable solution will be to drop suspicious traffic completely, without tarpitting.
After the Symantec acquisition, a Canadian startup company called MailChannels released their "Traffic Control" software, which uses a slightly different approach to achieve similar results.