On Thu, Jul 05, 2007 at 11:07:55AM +0200, Peter N. M. Hansteen wrote: > Now I wonder if it would be a good idea to put that list of spamtrap > addresses on a web page for the address slurpers to find and use, so I > can detect spam senders early and either treat them to 24 hours at the > time in the tar pit or have them move on to the next target. > > The only downside to this that I can see is that occasionally somebody > naive and innocent sending backscatter (bounces of undeliverable spam) > would be tarpitted for a while. > > Does anybody else here have views or relevant experience they want to > share?
I thought about this a while back, and I found a weakness. Now, I haven't seen this used, but it's trivially possible. Here's the deal: You publish spamtrap addresses, and of course you make them easily recognizable as such so you don't trap real people. Spammers spend a very small amount of effort and harvest spamtrap addresses *on purpose* and use them as sender addresses (joe job). The result being, of course, that you blacklist significant valid portions of the internet. Am I wrong here? -- Darrin Chandler | Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
