On 12/15/2015 11:33 PM, Kevin A. McGrail wrote:
On 12/15/2015 5:25 PM, Juerg Reimann wrote:
I have a domain which gets a lot of spam to non-existent addresses. I
thought why not set that domain to catch-all and feed all non-existent
addresses directly to spamassassin. Any thoughts why this could be a bad
idea? Of course any typos from real senders would also end up in sa,
however, I believe that's in this case negligible...
Thanks,
Juerg
This type of honeypot can find numerous bad actors and identify
dictionary attackers. It has excellent merit and many people use this
type of data. You might find it useful for blocking IPs, finding bad
URLs, identifying spam for bayes, etc.
easy to kill legit/ESP bulk and use the rest as bayes
fodder...masschecks, etc, etc
