Am 02.12.2014 um 18:24 schrieb Ted Mittelstaedt:
On 12/2/2014 6:19 AM, LuKreme wrote:On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt<t...@ipinc.net> wrote:This is assuming of course that your instantly blocking everything from a sender that happens to email a honeypot.Right. That i the *point* of a honeypot. The only thing going to a honeypot is going to be a spammer.Most honeypots are not used in such a draconian fashion.Every single one I’ve ever seen has.i see tons of spam relayed through throwaway accounts on Yahoo, and even some from Gmail and Microsoft's various domains. This is to all manner of accounts, both valid and invalid, former accounts and accounts that never existed. So your saying it's OK to block those because you get a piece of spam from them to a honeypot?
surely, on *one* RBL
Or are you saying that the spammers NEVER use throwaway accounts on those large providers? Or are you saying that with your honeypots that the large providers get a free pass to spam you when they email your honeypots?
no, i am saying nobody right in his mind is rejecting mails because *one* RBL but based on scores and with delisting after a few days - each honeypot one RBL
if you put a lot of RBL's as well as a lot of DNSWL in the score mix you unlikely have false positives because *one* honeypot
it only becomes a problem when the maintainers of honeypot's are dumb as bread and re-use previous legit addresses as trap or what i heard crazy people suggest register on porn sites with trap addresses
the large ISP's like gmail are typically also on whitelists (including one of our internal) and so they need to hit a lot of honeypots within a short timeframe to get blocked, but if they do - so be it
signature.asc
Description: OpenPGP digital signature
