Honeypots mailing list archives
Using specialized honeypots to build up-to-date spam blacklists?
From: "Jens Knoell" <jens () ing twinwave net>
Date: Sun, 28 Sep 2003 17:19:52 -0600
I just thought of something... so it's not totally well-thought-out yet, but so far the idea sounds feasible. The original idea is not from me, I just intend to build on a concept originally invented by a german anti-spam activist. What do you guys think about the following: Part one of the trap: I'll set up a few dummy webpages, put some useless text on it, and a little php script that does nothing else than generate valid-looking but basically invalid email addresses. I.e. the source code of the pages would contain ever-changing invalid addresses in there, for example <a href="mailto:joeuser () poof twinwave net">.</a> If I set it up right, the emails are technically there, but never visible to accidental visitors. Heck, I could even code in the requesting IP into the email address if I feel like it. This page then gets registered at various search engines, and maybe even updated every now and then with whatever crud I can find, to keep them from dropping off search engines as "dead" page. Could even be automated. Now to part two: I'll set up a mailserver for the (otherwise unused) domain poof.twinwave.net. Every mail to this domain gets accepted indiscriminately, but immediately dumped into a little parser which generates some statistics for personal enjoyment... AND... automatically adds the sender IP to the global blacklist that currently protects my mailservers. Sounds like a plan to get an accurate spammer list/relay list, and certainly sounds a lot more accurate than the current lists in use? It should be a piece of cake to set up, and virtually zero maintenance... If it works, I'd then go ahead and blindly forward everything that's @my.domains.here but not used into the parser, thus creating quite a respectable pool of invalid emails. As a result, spammers should have quite poisoned email databases, not to mention that _I_ have a nice accurate relay/spam database. What do you think? Anything I'm overlooking there? Jens
Current thread:
- Using specialized honeypots to build up-to-date spam blacklists? Jens Knoell (Sep 28)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Valdis . Kletnieks (Sep 29)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Gregory Deatz (Sep 29)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Jens Knoell (Sep 30)