On Tue, Dec 2, 2014 at 3:19 PM, LuKreme <krem...@kreme.com> wrote: > On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt <t...@ipinc.net> wrote: > > This is assuming of course that your instantly blocking everything from > a sender that happens to email a honeypot. > > Right. That i the *point* of a honeypot. The only thing going to a > honeypot is going to be a spammer. >
Not necessarily. At dnswl.org, we use spamtraps as one input source to determine the trustworthiness of an IP - to list (and at what score) or if not to list. A single spamtrap hit over an extended period of time for a system with a high magnitude does not say much. And it's different if it's an ISP mailserver or an "email marketing provider". A single spamtrap hit for an IP that has been seen for a few days only says quite a lot. > > Most honeypots are not used in such a draconian fashion. > > Every single one I’ve ever seen has. > Now you've seen one that doesn't :) -- Matthias
