On 2/23/2012 10:28 AM, rg86...@airpost.net wrote:
> I have a list of compromised addresses. For the sake of this
> discussion, let it include, e.g., "s...@myserver.com".
>
> Prior to its compromise, it was verifiable as an existing & valid
> "user@domain" in the virtual user/domain (sql) lookup tables.
If this was at one time an actual address to a mailbox in which someone
received legit mail, and other persons corresponded with said person,
possessed this email address, then there are some BCPs regarding turning
such addresses into traps:
1. Mailbox must be disabled
2. 5xx "unknown user" must be returned for at least 2 years,
5 years if the mailbox has existed for more than 5 years
3. Monitor mailbox for this 2 years for legit mail
4. If the mailbox received legit mail in the last 6 months,
extend period another year, repeat as necessary
5. When you reach no legit mail in the last 6 months, turn
mailbox back on for spamtrap use
6. Collect and analyze the spam, use the data as you wish
I get the impression that what you've done is taken mailboxes that were
phished or password cracked , used by spammers to SEND spam, and have
used these addresses in a filter scheme. This is NOT the same as a
spamtrap. I don't even know if there's been a term coined for such a
thing. Is this indeed what you're doing?
--
Stan
