-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It would definitely be worthwhile, IMO. There's still a bit of an open question as to how much of these remove links *work* and how much confirm the addr -- it's not 100% either way -- but it'd catch the ones that do keep confirmed addrs... BTW the spamtraps.taint.org traps report to Pyzor, DCC, and a few proxy testing systems too ;) (However, we don't use them for mass-checks any more, because we nowadays have more than enough hand-verified spam from the various people's corpora.) - --j. Robert Menschel writes: > I'd like to run an idea past the group, and see if there's value to it. > > Except when running mass-checks, or checking for FPs, I ignore emails > that are flagged as spam. I pay attention to the FNs. > > When an FN includes a URI like > > If you wish to discontinue receiving messages from the mailerfeatured > > in this email, please visit our webpage. > > http://rmvs.com/r.asp?123456&[EMAIL PROTECTED]&H > I add that domain to my personal BigEvil list, and send them to BigEvil > to share. > > These are the spams that get through my current SA filters, which are > blocking spam at 99.8% efficiency. Therefore these are the spammers that > are either lucky, or good at what they do. > > I'm thinking that I should take that URI, cut and paste and modify it in > my browser, and go to something like: > > http://rmvs.com/r.asp?123456&[EMAIL PROTECTED]&H > Note that I modified the email address so it no longer points at the > original destination address, but instead to a honeypot (which actually > won't be named anything so obvious). The domain would be one from which I > can retrieve the honeypot. > > I then plan to > a) watch for a confirmation of the unsubscribe. That email can be > ignored. The only reason to watch for it is to avoid generating > garbage for the following actions. > b) autoforward all emails after any confirmation notice to > [EMAIL PROTECTED] (my own someaddress) as documented at > http://wiki.apache.org/spamassassin/SpamTrapping so this spammer's > spam is automatically included in the future development corpus > c) autoforward all such emails to [EMAIL PROTECTED], which is a POP3 > mbox that is automatically fed into sa-learn as spam. > d) dump those emails into my own spam corpus. > > Since [EMAIL PROTECTED] is an address never used for any other > purpose, and since the only time this address is placed into a website's > system is to *unsubscribe*, any emails sent to that address will by > definition be spam (with the possible exception of a first > "confirmation"). > > This provides a method of dumping "lucky" and/or "smart" spammer spams > directly into Bayes and the development corpus and my corpus, without any > additional manpower requirement. > > Does anyone have experience with this type of honeypot, and is it worth > while? > > Bob Menschel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFAmxZRQTcbUG5Y7woRAu9UAKC5GEn+x78MJ/GOMQMYJQWQNW/OPgCgmZwz 4nuOnVZk1cZvYLkmE+TlBW8= =NS3c -----END PGP SIGNATURE-----
