>From my experience so far, most spammers do not send a test message to see >if the email is actually making it to the end-recipient.
Well, I have a James running for a year now with the SMTP port open. Every mail coming from something else than 192.168.*.* and not for a local user is forwarded to my admin account just before being rerouted to NULL. I've always (and only) received emails including my IP address either in the subject or in the body. I have never received any other kind of attempts from outside (like pure spam rerouting)... -----Original Message----- From: Tom Pridham [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 8:24 PM To: James Users List Subject: RE: Spam Honeypot That is exactly my plan....I will place my honeypot server on the internet, open up port 25, capture all the gory details, and then dump the email to null. >From my experience so far, most spammers do not send a test message to see if the email is actually making it to the end-recipient. Thanks to the availibility of cheap dedicated servers (i.e. ServerBeach, Nocster etc), this is a fun and cheap experiment. Ever wonder how spammers survive? Here is the best article I've read on that topic in awhile: http://www.wired.com/news/infostructure/0,1377,57613,00.html -----Original Message----- From: Noel J. Bergman [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 1:27 PM To: James Users List Subject: RE: Spam Honeypot > i saw the same. however, how is he going to be an 'open relay' > (to attract spammers) and then be dumping stuff to null? You don't need to do anything to attract spammers; they just show up. You don't need to do anything to be probed for being an open relay other than have an available SMTP port on the internet. Your IP will be probed. I recently installed a computer on broadband for my uncle. Within 5 minutes of enabling his computer, the firewall reported the first probes. People looking for SMTP, MS SQL, and other exploits. My own firewall tracks in excess of 20 GIGABYTES of probes per month, all courtesy of Windows machines. Our public mail server blocks anywhere from a few 100 spams per day to 1500+. They seem to run in waves. The numbers were much higher when we first started the server, but they seem to have dropped off; perhaps the spambots are realizing that we aren't productive for them. In any event, since he isn't actively rejecting them (from their perspective), they'll assume that he is an open relay. Unlike DNSRBL scanners, which wait to get a reply. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
