On 7 March 2018 at 22:52, Laura Atkins <la...@wordtothewise.com> wrote: > There are companies that have commercialized spamtraps and at least 2 of the > delivery monitoring companies will tell you when you’ve hit a trap.
Sure I know.. that's why I'm asking what is the network. If someone sells spamtrap hits data and the spamtraps are 1 day old while they declare they are at least 1 year old then I think it worth sharing. > In other > cases, some compliance folks will data mine to find spamtrap domains when a > blacklist is telling them that they are listed due to spamtrap hits. I’m > pretty sure I’m not the only person who has identified various spamtrap > accounts over the years. I probably made my questions using the wrong words... I know *a lot* of spamtraps and spamtrap networks. Then I know a lot of "do something else with expired domains" networks that have no effects on reputations or blacklists, so I don't consider them spamtraps, but blackholes. I never seen the behaviour you describe from one the spamtrap networks that I know sell their data or I know have impact on reputation somewhere. That's why I was courious. > In one instance with a client, they were using one of the aforementioned > delivery monitoring companies and saw a “pristine trap" hit. They were able > to identify the specific address as the company provides the full text of > the message. They had recent (within a few weeks) click data from that > address and a purchase within a few months. Can you give some hint about the spamtrap network? I don't need the full name website or anything else, just something that let someone that know the spamtrap networks understand who you are talking about. Did the spamtrap network publish a document about how they classify their spamtraps? Some of them do and clearly states how many months they keep a 5xx error before turning the domain into a spamtrap. > Folks I trust have also shared similar stories with me. Addresses that are > traps show click activity the week before. I hear many folks sharing many stories.. unfortunately House told me that everybody lies, so I always try to verify, when I can. > No, I don’t have permission to share examples. But this was discussed at > M3AAWG earlier this month and multiple people confirmed they had evidence. No need for full examples.. md5/sha1 of the lowercased domain or md5/sha1 of the first lowercased mx server or md5/sha1 of the IP that received the email would be enough to share your knowledge only to others that already know about the network. Stefano _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
