On 7 March 2018 at 22:52, Laura Atkins <la...@wordtothewise.com> wrote:
> There are companies that have commercialized spamtraps and at least 2 of the
> delivery monitoring companies will tell you when you’ve hit a trap.

Sure I know.. that's why I'm asking what is the network.
If someone sells spamtrap hits data and the spamtraps are 1 day old
while they declare they are at least 1 year old then I think it worth
sharing.

> In other
> cases, some compliance folks will data mine to find spamtrap domains when a
> blacklist is telling them that they are listed due to spamtrap hits. I’m
> pretty sure I’m not the only person who has identified various spamtrap
> accounts over the years.

I probably made my questions using the wrong words... I know *a lot*
of spamtraps and spamtrap networks.
Then I know a lot of "do something else with expired domains" networks
that have no effects on reputations or blacklists, so I don't consider
them spamtraps, but blackholes.

I never seen the behaviour you describe from one the spamtrap networks
that I know sell their data or I know have impact on reputation
somewhere. That's why I was courious.

> In one instance with a client, they were using one of the aforementioned
> delivery monitoring companies and saw a “pristine trap" hit. They were able
> to identify the specific address as the company provides the full text of
> the message. They had recent (within a few weeks) click data from that
> address and a purchase within a few months.

Can you give some hint about the spamtrap network? I don't need the
full name website or anything else, just something that let someone
that know the spamtrap networks understand who you are talking about.
Did the spamtrap network publish a document about how they classify
their spamtraps? Some of them do and clearly states how many months
they keep a 5xx error before turning the domain into a spamtrap.

> Folks I trust have also shared similar stories with me. Addresses that are
> traps show click activity the week before.

I hear many folks sharing many stories.. unfortunately House told me
that everybody lies, so I always try to verify, when I can.

> No, I don’t have permission to share examples. But this was discussed at
> M3AAWG earlier this month and multiple people confirmed they had evidence.

No need for full examples.. md5/sha1 of the lowercased domain or
md5/sha1 of the first lowercased mx server or md5/sha1 of the IP that
received the email would be enough to share your knowledge only to
others that already know about the network.

Stefano

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to