I'd like to run an idea past the group, and see if there's value to it.

Except when running mass-checks, or checking for FPs, I ignore emails
that are flagged as spam.  I pay attention to the FNs.

When an FN includes a URI like
> If you wish to discontinue receiving messages from the mailer featured
> in this email, please visit our webpage.
> http://rmvs.com/r.asp?123456&[EMAIL PROTECTED]&H
I add that domain to my personal BigEvil list, and send them to BigEvil
to share.

These are the spams that get through my current SA filters, which are
blocking spam at 99.8% efficiency. Therefore these are the spammers that
are either lucky, or good at what they do.

I'm thinking that I should take that URI, cut and paste and modify it in
my browser, and go to something like:
> http://rmvs.com/r.asp?123456&[EMAIL PROTECTED]&H
Note that I modified the email address so it no longer points at the
original destination address, but instead to a honeypot (which actually
won't be named anything so obvious). The domain would be one from which I
can retrieve the honeypot.

I then plan to
a) watch for a confirmation of the unsubscribe. That email can be
   ignored. The only reason to watch for it is to avoid generating
   garbage for the following actions.
b) autoforward all emails after any confirmation notice to
   [EMAIL PROTECTED] (my own someaddress) as documented at
   http://wiki.apache.org/spamassassin/SpamTrapping so this spammer's
   spam is automatically included in the future development corpus
c) autoforward all such emails to [EMAIL PROTECTED], which is a POP3
   mbox that is automatically fed into sa-learn as spam.
d) dump those emails into my own spam corpus.

Since [EMAIL PROTECTED] is an address never used for any other
purpose, and since the only time this address is placed into a website's
system is to *unsubscribe*, any emails sent to that address will by
definition be spam (with the possible exception of a first
"confirmation").

This provides a method of dumping "lucky" and/or "smart" spammer spams
directly into Bayes and the development corpus and my corpus, without any
additional manpower requirement.

Does anyone have experience with this type of honeypot, and is it worth
while?

Bob Menschel
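
The triage in steps a) through d) above, as an added example that is not part of the original post: the first confirmation-looking message from a sender domain is ignored, and everything else addressed to the trap is marked as spam for forwarding and sa-learn. The trap address, the subject keywords and the sample messages are all constructed assumptions.

```python
import email
from email.utils import getaddresses, parseaddr

TRAP = "trap-7f3a@example.org"  # constructed honeypot address (assumption)
CONFIRM_WORDS = ("unsubscribe", "removed", "removal", "opt-out")  # assumed heuristic

# Constructed sample messages, in arrival order.
SAMPLE = [
    "From: list@bulk.example\nTo: trap-7f3a@example.org\nSubject: You have been removed\n\n.",
    "From: deals@bulk.example\nTo: trap-7f3a@example.org\nSubject: Cheap meds\n\n.",
    "From: x@other.example\nTo: someone@example.org\nSubject: hi\n\n.",
    "From: promo@third.example\nTo: <trap-7f3a@example.org>\nSubject: Hot offer\n\n.",
    "From: list@bulk.example\nTo: trap-7f3a@example.org\nSubject: Unsubscribe confirmation\n\n.",
]

def sender_domain(msg):
    """Domain part of the From: address, lowercased."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def addressed_to_trap(msg, trap=TRAP):
    """True if the trap address appears in To, Cc or Delivered-To."""
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    return any(a.lower() == trap for _, a in getaddresses(hdrs))

def triage(raw_messages, trap=TRAP):
    """Return one (action, subject) pair per message, in arrival order.

    skip                 not addressed to the trap, leave it alone
    ignore-confirmation  step a): first mail from a domain that looks like
                         an unsubscribe confirmation
    spam                 steps b)-d): forward, feed to sa-learn, add to corpus
    """
    seen_domains = set()
    results = []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        subject = msg.get("Subject", "")
        if not addressed_to_trap(msg, trap):
            results.append(("skip", subject))
            continue
        dom = sender_domain(msg)
        first_from_domain = dom not in seen_domains
        seen_domains.add(dom)
        # Only one confirmation is tolerated per domain; repeats count as spam.
        if first_from_domain and any(w in subject.lower() for w in CONFIRM_WORDS):
            results.append(("ignore-confirmation", subject))
        else:
            results.append(("spam", subject))
    return results
```

Keying the single tolerated confirmation on the sender domain keeps a second "confirmation" from the same source from being ignored again.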
