On 6/10/2013 8:38 AM, David F. Skoll wrote:
On Mon, 10 Jun 2013 08:32:35 -0700
Marc Perkel <supp...@junkemailfilter.com> wrote:

I decided to implement and advertise that the server had SMTP
authentication even though there was nothing to authenticate. I
created an authenticator that would accept any username and password.
But it's obviously spam. Then I harvest the spam.

That's an interesting honeypot.  I've seen spammers crack SMTP AUTH
passwords, but in most cases the first thing they do is send an email
to a freemail account with a subject like:

        192.168.33.55,user,passwd

and if they don't get the round-trip confirmation that they're able to
relay mail out, they don't attempt to send mail using the server.

Still... I bet not all spammers are as sophisticated and I'd be interested
to see your results.  Another thing you could try is to pretend to be
an open relay.  Don't even bother with AUTH, just accept RCPT TO:<foo@anywhere>

Regards,

David.



Well - it does waste their time and resources. Maybe it would be better if it failed every time just to keep them working at it. Maybe I should open pop and imap ports just to make it more inviting looking.


--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
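
Added example (not code from either poster in this thread): a triage pass over mail harvested by an accept-anything SMTP AUTH honeypot that separates the relay-test probes described above, whose subject is `ip,user,passwd`, from ordinary spam. The function names, the honeypot address set and the sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Subject shape described in the thread: "<server ip>,<user>,<password>"
PROBE_RE = re.compile(r"^\s*([0-9a-fA-F.:]+)\s*,\s*([^,]+?)\s*,\s*(.+?)\s*$")

def parse_probe(subject):
    """Return (ip, user, password) if the subject looks like a relay-test probe."""
    m = PROBE_RE.match(subject or "")
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group(1)))  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return ip, m.group(2), m.group(3)

def triage(raw_messages, honeypot_ips):
    """Split harvested messages into relay-test probes and everything else."""
    probes, spam = [], []
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        hit = parse_probe(subject)
        # Only count it as a probe when it names one of our own addresses.
        if hit and hit[0] in honeypot_ips:
            probes.append({"to": msg.get("To"), "user": hit[1], "password": hit[2]})
        else:
            spam.append(subject)
    return probes, spam

# Constructed sample messages (not real harvested mail).
SAMPLES = [
    "From: a@example.net\nTo: drop@freemail.example\n"
    "Subject: 192.168.33.55,user,passwd\n\n\n",
    "From: b@example.net\nTo: someone@example.org\n"
    "Subject: Cheap watches, best prices, today\n\nbody\n",
    "From: c@example.net\nTo: x@example.org\n"
    "Subject: 10.0.0.1,foo,bar\n\n\n",
]

if __name__ == "__main__":
    probes, spam = triage(SAMPLES, {"192.168.33.55"})
    print("probes:", probes)
    print("spam subjects:", spam)
```

The probe list shows which drop addresses and guessed credentials are in use against the honeypot; the remaining messages are the spam to harvest.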
