On 03/12/2014 03:07, Matthias Leisi wrote:
> On Tue, Dec 2, 2014 at 3:19 PM, LuKreme <krem...@kreme.com> wrote: > >> On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt <t...@ipinc.net> wrote: >>> This is assuming of course that your instantly blocking everything from a >>> sender that happens to email a honeypot. >> >> Right. That i the *point* of a honeypot. The only thing going to a honeypot >> is going to be a spammer. > > Not necessarily. At dnswl.org [1], we use spamtraps as one input source to > determine the trustworthiness of an IP - to list (and at what score) or if > not to list. > > A single spamtrap hit over an extended period of time for a system with a > high magnitude does not say much. And it's different if it's an ISP > mailserver or an "email marketing provider". I see no difference, if I never have, never will, use say deletet...@ausics.net and its used as a trap address (actually used as examples in some of my pages/blog etc), *anyone* who sends to that address, has got it via means of scraping, it clearly means it was taken from a webpage, or a mailing list archive, if *anyone* sends *anything* to that address it is unsolicited mail - spam, so that IP sender is blacklisted and placed in a DNSBL as well because there is no possible legitimate reason to send to that address, and reputation, trust - my arse, again, no valid or legitimate reason to send to that trap address, its sole purpose in life is to catch those who spam, if one person sees it, they *will* be doing it to many many many others. Noel PS (for the spammers, since we know you scum read this list - that example is only 1 of 7 trap addresses over a couple of domains I use, exempt it, I'll still catch you out) Links: ------ [1] http://dnswl.org
