On Mon, 10 Jun 2013 17:49:11 +0200 John Wilcock <j...@tradoc.fr> wrote:
> Theoretically you could detect such confirmation messages (logically > the first message from a given user,password pair) and actually > deliver them, then harvest the rest! But you'd have to be really > careful not to become a spam relay in the process! Yeah, that's living dangerously. :) Also, putting on a spammer hat (NOT that I actually own one!) if the credentials "user/password" worked for me via SMTP AUTH, I would then try "user/anotherpassword" and if those *also* worked, I'd assume it was a honeypot and avoid it. Creating a realistic honeypot that's hard to detect as such is quite difficult. Regards, David.
