I've been accumulating spamtrap addresses for some local greytrapping
for a while now, but occasionally I still see unknown user messages in
my mail server logs.  These messages are, as far as I can tell, mainly
from bounces of undeliverable spam messages which happened to have
from: or reply-to addresses with [EMAIL PROTECTED] in them.

Most of these addresses are clearly message-IDs harvested from news
spools or some Outlook user's mailbox, others are generated or just
made up.  When I have the time, I add these addresses as spamtraps
using spamdb.

Now I wonder if it would be a good idea to put that list of spamtrap
addresses on a web page for the address slurpers to find and use, so I
can detect spam senders early and either treat them to 24 hours at a
time in the tar pit or have them move on to the next target.

The only downside to this that I can see is that occasionally somebody
naive and innocent sending backscatter (bounces of undeliverable spam)
would be tarpitted for a while.

Does anybody else here have views or relevant experience they want to
share?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
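
The manual step the message describes (spotting unknown-user rejections in the mail log and adding them as traps with spamdb), sketched as an added example that is not part of the original post. The log line format, the example.org domain, the protected role addresses and the repeat threshold are assumptions made for illustration; only `spamdb -T -a` is the real command.

```python
import re
from collections import Counter

# Assumptions (not from the post): domain, role addresses and log format.
LOCAL_DOMAINS = {"example.org"}
PROTECTED = {"postmaster", "abuse", "hostmaster"}  # never turn these into traps
REJECT_RE = re.compile(r"rejected RCPT <([^<>\s]+)>: Unknown user")
SAFE_RE = re.compile(r"[a-z0-9._+=-]+@[a-z0-9.-]+")  # safe inside single quotes

# Constructed sample log lines (documentation IP ranges, made-up addresses).
SAMPLE_LOG = """\
Jan 10 03:12:01 mx smtpd[411]: H=[192.0.2.10] rejected RCPT <20060110.abc123@example.org>: Unknown user
Jan 10 04:40:17 mx smtpd[498]: H=[198.51.100.7] rejected RCPT <20060110.ABC123@example.org>: Unknown user
Jan 10 05:02:44 mx smtpd[502]: H=[203.0.113.5] rejected RCPT <petr@example.org>: Unknown user
Jan 10 05:30:09 mx smtpd[517]: H=[203.0.113.9] rejected RCPT <postmaster@example.org>: Unknown user
Jan 10 06:11:53 mx smtpd[530]: H=[192.0.2.44] rejected RCPT <someone@other.example>: Unknown user
Jan 10 06:12:20 mx smtpd[531]: H=[192.0.2.44] accepted RCPT <peter@example.org>
"""


def trap_candidates(log_text, min_hits=2):
    """Return sorted local addresses rejected as unknown at least min_hits times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        addr = m.group(1).lower()  # case variants count as one address
        local, _, domain = addr.rpartition("@")
        if domain not in LOCAL_DOMAINS or local in PROTECTED:
            continue
        if not SAFE_RE.fullmatch(addr):  # refuse anything odd; it ends up in a command line
            continue
        hits[addr] += 1
    return sorted(a for a, n in hits.items() if n >= min_hits)


def spamdb_commands(addresses):
    """Render one 'spamdb -T -a' invocation per address, for review before running."""
    return [f"spamdb -T -a '{a}'" for a in addresses]


if __name__ == "__main__":
    for cmd in spamdb_commands(trap_candidates(SAMPLE_LOG)):
        print(cmd)
```

The repeat threshold keeps a single mistyped recipient from becoming a trap, and the generated commands are printed rather than executed so they can be reviewed first.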
