On 7 March 2018 at 22:52, Laura Atkins <la...@wordtothewise.com> wrote:
> There are companies that have commercialized spamtraps and at least 2 of the
> delivery monitoring companies will tell you when you’ve hit a trap.

Sure I know.. that's why I'm asking what is the network.
If someone sells spamtrap hits data and the spamtraps are 1 day old
while they declare they are at least 1 year old then I think it worth

> In other
> cases, some compliance folks will data mine to find spamtrap domains when a
> blacklist is telling them that they are listed due to spamtrap hits. I’m
> pretty sure I’m not the only person who has identified various spamtrap
> accounts over the years.

I probably made my questions using the wrong words... I know *a lot*
of spamtraps and spamtrap networks.
Then I know a lot of "do something else with expired domains" networks
that have no effects on reputations or blacklists, so I don't consider
them spamtraps, but blackholes.

I never seen the behaviour you describe from one the spamtrap networks
that I know sell their data or I know have impact on reputation
somewhere. That's why I was courious.

> In one instance with a client, they were using one of the aforementioned
> delivery monitoring companies and saw a “pristine trap" hit. They were able
> to identify the specific address as the company provides the full text of
> the message. They had recent (within a few weeks) click data from that
> address and a purchase within a few months.

Can you give some hint about the spamtrap network? I don't need the
full name website or anything else, just something that let someone
that know the spamtrap networks understand who you are talking about.
Did the spamtrap network publish a document about how they classify
their spamtraps? Some of them do and clearly states how many months
they keep a 5xx error before turning the domain into a spamtrap.

> Folks I trust have also shared similar stories with me. Addresses that are
> traps show click activity the week before.

I hear many folks sharing many stories.. unfortunately House told me
that everybody lies, so I always try to verify, when I can.

> No, I don’t have permission to share examples. But this was discussed at
> M3AAWG earlier this month and multiple people confirmed they had evidence.

No need for full examples.. md5/sha1 of the lowercased domain or
md5/sha1 of the first lowercased mx server or md5/sha1 of the IP that
received the email would be enough to share your knowledge only to
others that already know about the network.


mailop mailing list

Reply via email to