Re: Honeypot email addresses

Mon, 24 Nov 2014 14:33:13 -0800 

On Sun, 23 Nov 2014, Reindl Harald wrote:




Am 23.11.2014 um 11:17 schrieb Aban Dokht:

On 22.11.2014 22:32, Dave Funk wrote:

Another way to seed spamtrap addresses is to make up some and
then feed them into "unsubscribe" links in spam sent to regular
users. I've got some of those I started that way 15 years ago
and they're still going strong.


Also no good idea, as some of them will send an unsubscribe mail to the
trap then. The risk of false positives is very high


using real addresses as a honeypot is wrong, dangerous and reckless


also there is no need for playing with firebecause by use virgin addresses 
and not promote them visible or even subcribe them to porn newsletters (don't 
laugh i heard proposals register a address to all porn newsletters you can 
find and then start blacklisting)



if you want to block all newsletters then just do it, you don't need to play 
honeypot-games for that!


I guess I need to elaborate to make it clear exactly what I do and why there
is little to no danger of FPs.

When I said "to make up some (spamtrap addresses)" I mean make up some -new-
addresses that can -never- be used as legitmate user addresses.

In our organization we have some specific address formats that we use for
various purposes (first-l...@domain.name shortn...@sub.domain.name
service_addr...@domain.name ). However we also have some reserved address
spaces within those formats (which are administrativly enforced) so I can
create some addresses that look like first-l...@domain.name but which I know
will never be used for real purposes (but the spammers won't know which they
are). I use those addresses for spamtrap addresses. (no danger of FPs there).

I then feed those particular spamtrap addresses into the "unsubscribe" links of
hand-verified spam. So only spammers will ever see those addresses anyplace
outside of our infrastructure. Thus they should almost never FP.

The only way that I can see any possibility of FPs is if a spammer is using
a semi-legit MSP and that MSP sends an unsubscribe-verify message to that
spam-trap address. That should only happen a few times at most and should -not-
have any new spam assocated with it.

So any spam sent to that spamtrap address is fair game.


--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{























					Reply via email to