Honeypots mailing list archives
spamd and anti-spam honeypots: some comments
From: jm () jmason org (Justin Mason)
Date: Sun, 16 Feb 2003 22:17:53 +0000
Folks -- came across this thread through the power of Google. (now let's see if I can post to the list without subscribing ;)

I've been looking into spammer tactics for obvious reasons (I hack on SpamAssassin), so I have a few insights of note.

It's worth noting that most "effective" spammers will attempt to relay at least 1 message to themselves through a new open relay, to verify that it works. This message typically contains the IP of the relay, and is sent to a drop-box freemail account.

So a spam-honeypot (spampot?) needs to relay at least once for a given client IP (or similar). Not too much more though, or it really is an open relay ;)

Another issue with tarpitting is that at least 1 recent spamware tool will apparently use ~4 ESMTP connections in parallel when pumping spam through a relay.

BTW has anyone mentioned Neale Pickett's honeypot? Here: http://woozle.org/~neale/src/python/spampot.py

cheers, and feel free to cause as much trouble for spammers as you can ;),

--j.
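The relay-once and parallel-connection points above, sketched as per-client-IP honeypot policy. This is an added example, not part of the original post and not taken from spampot.py; the class, method names and delay values are assumptions made for illustration.

```python
from collections import defaultdict


class SpampotPolicy:
    """Per-client-IP decisions for a relay honeypot (all names hypothetical)."""

    def __init__(self, relay_budget=1, base_delay=2.0, max_delay=60.0):
        self.relay_budget = relay_budget      # probes really forwarded per IP
        self.base_delay = base_delay          # seconds per SMTP reply (assumed)
        self.max_delay = max_delay
        self.relayed = defaultdict(int)       # ip -> messages forwarded
        self.sunk = defaultdict(int)          # ip -> messages accepted, dropped
        self.sessions = defaultdict(int)      # ip -> open SMTP sessions

    def connect(self, ip):
        self.sessions[ip] += 1

    def disconnect(self, ip):
        self.sessions[ip] = max(0, self.sessions[ip] - 1)

    def on_message(self, ip):
        """'relay' for the first message from an IP, 'sink' for the rest.

        The budget is keyed on the client IP, not the connection, so four
        parallel sessions still get only one message forwarded between them.
        """
        if self.relayed[ip] < self.relay_budget:
            self.relayed[ip] += 1
            return "relay"
        self.sunk[ip] += 1
        return "sink"

    def reply_delay(self, ip):
        """Tarpit delay per reply; zero until the probe has gone through."""
        if self.relayed[ip] < self.relay_budget:
            return 0.0
        # Scale with open sessions so parallelism buys no extra throughput.
        return min(self.max_delay, self.base_delay * max(1, self.sessions[ip]))


def demo():
    """Constructed scenario: one client, four parallel sessions, five messages."""
    policy = SpampotPolicy()
    ip = "192.0.2.10"                         # documentation address, constructed
    for _ in range(4):
        policy.connect(ip)
    verdicts = [policy.on_message(ip) for _ in range(5)]
    return verdicts, policy.reply_delay(ip), policy.sunk[ip]


if __name__ == "__main__":
    print(demo())
```

A "sink" verdict means the SMTP front end still answers 250 but never delivers, so the client sees a working relay while only the single probe leaves the host.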