On Mon, 10 Jun 2013 08:32:35 -0700
Marc Perkel <supp...@junkemailfilter.com> wrote:
> I decided to implement and advertise that the server had SMTP
> athentication even though there was nothing to authenticate. I
> created an authenticator that would accept any username and password.
> But it's obviously spam. Then I harvest the spam.
That's an interesting honeypot. I've seen spammers crack SMTP AUTH
passwords, but in most cases the first thing they do is send an email
to a freemail account with a subject like:
192.168.33.55,user,passwd
and if they don't get the round-trip confirmation that they're able to
relay mail out, they don't attempt to send mail using the server.
Still... I bet not all spammers are as sophisticated and I'd be interested
to see your results. Another thing you could try is to pretend to be
an open relay. Don't even bother with AUTH, just accept RCPT TO:<foo@anywhere>
Regards,
David.
