Re: Spam Trapping

2006-06-15 Thread Mikhail Goriachev
tony sarendal wrote:
 On 14/06/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 On Wed, Jun 14, 2006 at 09:31:49AM -0700, John Draper wrote:
 Mike Spenard wrote:

 What are some thoughts on purposely getting a spam trap email
 address acquired by spammers and the best way to do so.
 It is hard to do initially, unless you want to spend a lot of time
 signing up for things over the web...  In my case, I have a very
 good spam trap.   But I host about 60 Email users and I changed
 everyone's Email address (with their cooperation), and removed
 them from any mailing lists they might have joined.   Eventually,
 almost all of these accounts have Pure spam coming in.

 Next I forwarded each of them to [EMAIL PROTECTED] and
 presto...  I have a 100% spam source I can feed directly into my
 spam reporting engine.   Most of these addresses have taken years
 to accumulate this spam.  This is by far the best way...

 we used to have 'spammers ? spam this [EMAIL PROTECTED]' at the
 bottom of each page so that crawlers would spam it. also, we had a
 few systems accounts, not supposed to receive mail, act as spam
 traps which proved to be quite efficient.


 So what do you guys do with the email hitting the spam traps ?
 My email address [EMAIL PROTECTED] has been used as From address
 by spammers, does that mean that I can't send you guys emails ?
 Or do you do something else like teach spamassassin and record source
 IP addresses ?
 
 /Tony
 


I feed it to spamassassin. I don't do anything with IPs because most of
them get dynamically reallocated between clean and infected computers. I
reckon you shouldn't worry about From address because it gets forged all
the time. This is very common. Therefore, it would be a bit silly for
someone to rely on the From field.


Cheers,
Mikhail.

-- 
Mikhail Goriachev
Webanoide

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: http://www.webanoide.org

PGP Key ID: 0x4E148A3B
PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B



Re: Spam Trapping

2006-06-15 Thread Joachim Schipper
On Wed, Jun 14, 2006 at 08:29:17PM +0100, tony sarendal wrote:
 On 14/06/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  On Wed, Jun 14, 2006 at 09:31:49AM -0700, John Draper wrote:
   Mike Spenard wrote:
   What are some thoughts on purposely getting a spam trap email
   address acquired by spammers and the best way to do so.
  
   It is hard to do initially, unless you want to spend a lot of time
   signing up for things over the web...  In my case, I have a very
   good spam trap.   But I host about 60 Email users and I changed
   everyone's Email address (with their cooperation), and removed
   them from any mailing lists they might have joined.   Eventually,
   almost all of these accounts have Pure spam coming in.
  
   Next I forwarded each of them to [EMAIL PROTECTED] and
   presto...  I have a 100% spam source I can feed directly into my
   spam reporting engine.   Most of these addresses have taken years
   to accumulate this spam.  This is by far the best way...
 
  we used to have 'spammers ? spam this [EMAIL PROTECTED]' at the
  bottom of each page so that crawlers would spam it. also, we had a
  few systems accounts, not supposed to receive mail, act as spam
  traps which proved to be quite efficient.
 
 So what do you guys do with the email hitting the spam traps ?
 My email address [EMAIL PROTECTED] has been used as From address
 by spammers, does that mean that I can't send you guys emails ?
 Or do you do something else like teach spamassassin and record source
 IP addresses ?

Well, spamd works by source IP. Assuming a sane network setup, it
shouldn't reject too much legitimate mail.

Joachim



Re: Spam Trapping

2006-06-14 Thread John Draper

Mike Spenard wrote:


What are some thoughts on purposely getting a spam trap email
address acquired by spammers and the best way to do so.


It is hard to do initially, unless you want to spend a lot of time
signing up for things over the web...  In my case, I have a very
good spam trap.   But I host about 60 Email users and I changed
everyone's Email address (with their cooperation), and removed
them from any mailing lists they might have joined.   Eventually,
almost all of these accounts have Pure spam coming in.

Next I forwarded each of them to [EMAIL PROTECTED] and
presto...  I have a 100% spam source I can feed directly into my
spam reporting engine.   Most of these addresses have taken years
to accumulate this spam.  This is by far the best way...



i.e. Is it best to use only a defunct address for trapping, or will
intentionally getting a new trap address spammed only increase
one's spam input and be detrimental overall.  I would like to hear
feedback based on experience and not just theory of course =)


This would work,  but it won't catch the older spam proxies out there.
Some of these proxies have existed for years,  prolly because they
have not shown up on the ISP's radar.



If it's not detrimental overall how feasible would it be to construct
a service that automated the (counter intuitive) act of getting an email
address acquired by as many spammers as possible?


If you find out,  I would also like to know how to do this.

John



Re: Spam Trapping

2006-06-14 Thread tony sarendal
On 14/06/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 On Wed, Jun 14, 2006 at 09:31:49AM -0700, John Draper wrote:
  Mike Spenard wrote:
 
  What are some thoughts on purposely getting a spam trap email
  address acquired by spammers and the best way to do so.
 
  It is hard to do initially, unless you want to spend a lot of time
  signing up for things over the web...  In my case, I have a very
  good spam trap.   But I host about 60 Email users and I changed
  everyone's Email address (with their cooperation), and removed
  them from any mailing lists they might have joined.   Eventually,
  almost all of these accounts have Pure spam coming in.
 
  Next I forwarded each of them to [EMAIL PROTECTED] and
  presto...  I have a 100% spam source I can feed directly into my
  spam reporting engine.   Most of these addresses have taken years
  to accumulate this spam.  This is by far the best way...
 

 we used to have 'spammers ? spam this [EMAIL PROTECTED]' at the
 bottom of each page so that crawlers would spam it. also, we had a
 few systems accounts, not supposed to receive mail, act as spam
 traps which proved to be quite efficient.


So what do you guys do with the email hitting the spam traps ?
My email address [EMAIL PROTECTED] has been used as From address
by spammers, does that mean that I can't send you guys emails ?
Or do you do something else like teach spamassassin and record source
IP addresses ?

/Tony

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: Spam Trapping

2006-06-14 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
  we used to have 'spammers ? spam this [EMAIL PROTECTED]' at the
  bottom of each page so that crawlers would spam it. also, we had a
  few systems accounts, not supposed to receive mail, act as spam
  traps which proved to be quite efficient.
 
 
 So what do you guys do with the email hitting the spam traps ?
 My email address [EMAIL PROTECTED] has been used as From address
 by spammers, does that mean that I can't send you guys emails ?
 Or do you do something else like teach spamassassin and record source
 IP addresses ?

spamd. It works on the IP address level. Spam trap addresses function such
that offending source addresses are auto-blacklisted (for a configurable
length of time.)

In a sense, it is tied to the email address of the To: header, not From: as
you'd speculated.

DS



Re: Spam Trapping

2006-06-14 Thread tony sarendal
On 14/06/06, Spruell, Darren-Perot [EMAIL PROTECTED] wrote:

 From: [EMAIL PROTECTED]
   we used to have 'spammers ? spam this [EMAIL PROTECTED]' at the
   bottom of each page so that crawlers would spam it. also, we had a
   few systems accounts, not supposed to receive mail, act as spam
   traps which proved to be quite efficient.
  
  
  So what do you guys do with the email hitting the spam traps ?
  My email address [EMAIL PROTECTED] has been used as From address
  by spammers, does that mean that I can't send you guys emails ?
  Or do you do something else like teach spamassassin and record source
  IP addresses ?

 spamd. It works on the IP address level. Spam trap addresses function such
 that offending source addresses are auto-blacklisted (for a configurable
 length of time.)

 In a sense, it is tied to the email address of the To: header, not From: as
 you'd speculated.


I know how spamd works, but here we had more creative setups, the To: address
of the spam emails were just used to route them to the spam trap. What point would
it be to identify the spam with the To: header if all email for those addresses end up
in a spam trap anyway ?

So if people route specific unused email addresses to spam traps,
what do they actually do with the received emails to reduce spam
to legitimate addresses ?

/T

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: Spam Trapping

2006-06-14 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
 So if people route specific unused email addresses to spam traps,
 what do they actually do with the received emails to reduce spam
 to legitimate addresses ?

If you're not making the connection, you don't understand how spamd(8)
works. 

Your MX receives mail for your-domain.tld. The spammer attempts to email
'[EMAIL PROTECTED]' and their MTA ends up being blacklisted. Now they
attempt to send spam to '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]',
which is directed to your same MX host, and since they are blacklisted, they
cannot.

They try to send spam to '[EMAIL PROTECTED]', also being serviced
via your MX, and are blacklisted still. No users at your-other-domain.tld
receive spam.

Look up the definition of the tuple in the spamd references.

DS
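
The behaviour described in the two replies above (a trap hit keyed on the sender's source IP, a blacklist entry lasting a configurable time, the From address ignored), as an added example that is not part of the original thread and is not spamd's own code. It is a simplified Python model: the addresses, IPs and the one-hour expiry are constructed, and greylisting itself is left out.

```python
class GreytrapModel:
    """Simplified model of trap-driven blacklisting keyed on source IP."""

    def __init__(self, trap_addresses, blacklist_seconds):
        self.traps = {a.lower() for a in trap_addresses}
        self.blacklist_seconds = blacklist_seconds  # configurable lifetime
        self.blacklist = {}  # source IP -> expiry (seconds)

    def is_blacklisted(self, src_ip, now):
        expiry = self.blacklist.get(src_ip)
        if expiry is None:
            return False
        if now >= expiry:          # entry has aged out
            del self.blacklist[src_ip]
            return False
        return True

    def handle(self, src_ip, mail_from, rcpt_to, now):
        """Return 'reject', 'trapped' or 'accept' for one delivery attempt."""
        # mail_from is deliberately never consulted: it is trivially forged.
        if self.is_blacklisted(src_ip, now):
            return "reject"        # any recipient, any domain on this MX
        if rcpt_to.lower() in self.traps:
            self.blacklist[src_ip] = now + self.blacklist_seconds
            return "trapped"
        return "accept"


def demo():
    # Constructed sample data (documentation IP ranges, .example domains).
    mx = GreytrapModel(["trap@your-domain.example"], blacklist_seconds=3600)
    forged = "tony@victim.example"            # From address abused by spammer
    spammer, tony_mta = "192.0.2.10", "198.51.100.7"
    t = 1000
    return [
        mx.handle(spammer, forged, "trap@your-domain.example", t),
        mx.handle(spammer, forged, "alice@your-domain.example", t + 60),
        mx.handle(spammer, forged, "bob@your-other-domain.example", t + 120),
        # The real owner of the forged address sends from a different IP.
        mx.handle(tony_mta, forged, "alice@your-domain.example", t + 180),
        # Same spammer IP once the blacklist entry has expired.
        mx.handle(spammer, forged, "alice@your-domain.example", t + 3600),
    ]


if __name__ == "__main__":
    print(demo())
```
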



Re: Spam Trapping

2006-06-14 Thread tony sarendal
On 14/06/06, Spruell, Darren-Perot [EMAIL PROTECTED] wrote:

 From: [EMAIL PROTECTED]
  So if people route specific unused email addresses to spam traps,
  what do they actually do with the received emails to reduce spam
  to legitimate addresses ?

 If you're not making the connection, you don't understand how spamd(8)
 works.

 Your MX receives mail for your-domain.tld. The spammer attempts to email
 '[EMAIL PROTECTED]' and their MTA ends up being blacklisted. Now they
 attempt to send spam to '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]',
 which is directed to your same MX host, and since they are blacklisted, they
 cannot.

 They try to send spam to '[EMAIL PROTECTED]', also being serviced
 via your MX, and are blacklisted still. No users at your-other-domain.tld
 receive spam.

 Look up the definition of the tuple in the spamd references.

 DS


From the emails earlier in the thread I was expecting something else than greytrapping.
Terms like spam reporting engine and older spam proxies indicated that they were
talking about something else. I was interested in what that was.

/Tony

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: Spam Trapping

2006-06-07 Thread Joachim Schipper
On Thu, Jun 01, 2006 at 05:42:02PM -0700, Kian Mohageri wrote:
 Maybe you're really looking for something like spamd:
 
 http://www.openbsd.org/spamd/
 
 Much more effective than a trap e-mail address in my opinion?

Spamd can be configured to use a 'trap' e-mail address... See under
'GRAYTRAPPING'.

Joachim



Spam Trapping

2006-06-01 Thread Mike Spenard

What are some thoughts on purposely getting a spam trap email
address acquired by spammers and the best way to do so.

i.e. Is it best to use only a defunct address for trapping, or will
intentionally getting a new trap address spammed only increase
one's spam input and be detrimental overall.  I would like to hear
feedback based on experience and not just theory of course =)

If it's not detrimental overall how feasible would it be to construct
a service that automated the (counter intuitive) act of getting an email
address acquired by as many spammers as possible?

Mike Spenard



Re: Spam Trapping

2006-06-01 Thread Kian Mohageri
Maybe you're really looking for something like spamd:

http://www.openbsd.org/spamd/

Much more effective than a trap e-mail address in my opinion?

Kian

On 6/1/06, Mike Spenard [EMAIL PROTECTED] wrote:

 What are some thoughts on purposely getting a spam trap email
 address acquired by spammers and the best way to do so.

 i.e. Is it best to use only a defunct address for trapping, or will
 intentionally getting a new trap address spammed only increase
 one's spam input and be detrimental overall.  I would like to hear
 feedback based on experience and not just theory of course =)

 If it's not detrimental overall how feasible would it be to construct
 a service that automated the (counter intuitive) act of getting an email
 address acquired by as many spammers as possible?

 Mike Spenard