Hello,

On Thu, Feb 23, 2012, at 06:12 PM, Stan Hoeppner wrote:
> Ok, so what's the practical difference between this 'spamtrap' DISCARD
> solution and simply returning a 5xx unknown user for these addresses?
>
> Does this spammer always send to multiple recipients including at least
> one of these 'spamtrap' addresses?

Sending to any of

  <valid_user>@<unknown_domain>
  <unknown_user>@<valid_domain>
  <unknown_user>@<unknown_domain>

can be, and is, subject to immediate reject based solely on the 'unknown' criterion.

The specific use case I'm targeting, which is far too common, is as follows.

Let's say I have two valid users,

  ro...@rogermail.com
  rogers_bobs_electron...@rogermail.com

and "Bob's Electronics" gets hacked, and their user DB compromised so that my new Uzbekistani best friends now have that address for keeping in touch at the holidays.

I immediately change my official Bob's Electronics-dedicated, registered address from

  rogers_bobs_electron...@rogermail.com

to

  rogers_new_bobs_electron...@rogermail.com

Henceforth, the ONLY usage of that old address, rogers_bobs_electron...@rogermail.com, is for spam. It never has been used for anything other than communications to/from Bob's Electronics, and now that it's no longer valid, it can be only used for one thing.

Now, I'll almost immediately start seeing emails addressed as, e.g.,

  TO: <ro...@rogermail.com>,<rog...@rogermail.com>,<luci...@microsoft.com>,<rogers_bobs_electron...@rogermail.com>

If only the 1st three of those addresses were present, my policy would be to

  -- accept the mail to the 1st address, subjecting it to usual "heavy" scanning
  -- reject the second & third addresses as an unknown

But, for all I know, the second address could be a fat-thumbed typo from a legit sender, and lucifer@microsoft really COULD be on the same interest list as I am. I.e., insufficient cause to DISCARD all.

However, if all FOUR addresses are there, including <rogers_bobs_electron...@rogermail.com>, since it's no longer a viable address for comms from Bob's Electronics, it's -- for my uses and by my definitions -- from a spammer. That IS sufficient criterion by my measure, for DISCARDing the message to/for all the recipients.

Over the past years, amidst countless 3rd party breaches, I've amassed several hundreds of these formerly-valid, now-compromised 'spamtrap' addresses.

I've dumped several 10Ks of definitely-spam messages using this approach, and not once in all those years have I ever become aware of a false positive. Either because there were none, or it wasn't that important in the 1st place. Either works for me.

CommunigatePro has, for many years, provided a mechanism to deal with this trivially.

Again, method for me is irrelevant -- simply outcome is of interest. And that, in this thread, is what I've been striving for.

With your, Rob's and Noel's help, I have something tangible and reasonably promising to try.

Thanks.

Cheers,

Roger
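
The decision rule described in the message above, modelled as an added Python example; it is not part of the original post and not any mail server's own configuration or API. The addresses are constructed samples and the function names are hypothetical.

```python
# Added illustration of the "one spamtrap recipient taints the whole message"
# rule. All addresses are constructed samples, not values from the thread.
from email.utils import parseaddr

VALID_USERS = {"roger@example.org", "roger_newshop@example.org"}
# Formerly valid, vendor-specific addresses retired after a third-party breach.
SPAMTRAPS = {"roger_oldshop@example.org"}


def normalize(addr):
    """Strip display name and angle brackets, and lowercase the address."""
    return parseaddr(addr)[1].strip().lower()


def classify(addr):
    """Per-recipient verdict, looking at this recipient in isolation."""
    a = normalize(addr)
    if a in SPAMTRAPS:
        return "TRAP"
    if a in VALID_USERS:
        return "ACCEPT"      # delivered after the usual content scanning
    return "REJECT"          # unknown user and/or unknown domain: 5xx


def disposition(recipients):
    """Message-level decision over the full envelope recipient list.

    Without a trap recipient, each address keeps its own verdict, so a
    typo'd or foreign address only gets itself rejected. With at least
    one trap recipient, the message is discarded for every recipient,
    including otherwise valid ones.
    """
    verdicts = {normalize(r): classify(r) for r in recipients}
    if "TRAP" in verdicts.values():
        return {r: "DISCARD" for r in verdicts}
    return verdicts


if __name__ == "__main__":
    three = ["<roger@example.org>", "<rogre@example.org>", "<someone@example.net>"]
    print(disposition(three))
    print(disposition(three + ["<Roger_OldShop@example.org>"]))
```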