Honeypots mailing list archives

Using specialized honeypots to build up-to-date spam blacklists?


From: "Jens Knoell" <jens () ing twinwave net>
Date: Sun, 28 Sep 2003 17:19:52 -0600

I just thought of something... so it's not totally well-thought-out yet, but
so far the idea sounds feasible. The original idea is not from me; I just
intend to build on a concept originally invented by a German anti-spam
activist. What do you guys think about the following:

Part one of the trap:
I'll set up a few dummy webpages, put some useless text on it, and a little
php script that does nothing else than generate valid-looking but basically
invalid email addresses. I.e. the source code of the pages would contain
ever-changing invalid addresses in there, for example <a
href="mailto:joeuser () poof twinwave net">.</a>

If I set it up right, the emails are technically there, but never visible to
accidental visitors. Heck, I could even code in the requesting IP into the
email address if I feel like it.

This page then gets registered at various search engines, and maybe even
updated every now and then with whatever crud I can find, to keep it from
dropping off search engines as a "dead" page. Could even be automated.


Now to part two:
I'll set up a mailserver for the (otherwise unused) domain
poof.twinwave.net. Every mail to this domain gets accepted indiscriminately,
but immediately dumped into a little parser which generates some statistics
for personal enjoyment... AND... automatically adds the sender IP to the
global blacklist that currently protects my mailservers.


Sounds like a plan to get an accurate spammer list/relay list, and certainly
sounds a lot more accurate than the current lists in use? It should be a
piece of cake to set up, and virtually zero maintenance...

If it works, I'd then go ahead and blindly forward everything that's
@my.domains.here but not used into the parser, thus creating quite a
respectable pool of invalid emails.

As a result, spammers should have quite poisoned email databases, not to
mention that _I_ have a nice accurate relay/spam database.


What do you think? Anything I'm overlooking there?

Jens
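As an added example (not code from the post or from any project Jens mentions), the two parts of the trap sketched above in a single Python script: part one mints trap addresses that encode the requesting IP, as the post suggests, and adds a truncated HMAC tag so that only addresses the trap actually emitted are honoured later; part two parses mail delivered to the trap domain, takes the connecting IP only from the Received line written by the trap's own MTA, and builds the sender-IP blacklist plus harvester statistics. The secret, the MTA hostname `mx.poof.twinwave.net`, the address shape `u<iphex>-<tag>@poof.twinwave.net` and the sample messages are constructed assumptions for the demo.

```python
"""Spamtrap honeypot demo: mint verifiable trap addresses (part one) and turn
mail received for them into a sender-IP blacklist (part two)."""
import email
import hashlib
import hmac
import re
from collections import Counter
from email import policy

# Assumptions for the demo (constructed, not from the post): a per-deployment
# secret and the MTA hostname that fronts the trap domain.
SECRET = b"constructed-demo-secret"
TRAP_DOMAIN = "poof.twinwave.net"
OUR_MTA = "mx.poof.twinwave.net"


def _tag(ip_hex: str, secret: bytes) -> str:
    # 48-bit truncated HMAC: enough to make guessed or altered addresses fail.
    return hmac.new(secret, ip_hex.encode(), hashlib.sha256).hexdigest()[:12]


def make_trap_address(requester_ip: str, secret: bytes = SECRET,
                      domain: str = TRAP_DOMAIN) -> str:
    """Part one: the page emits an address that encodes the harvester's IP and
    carries an HMAC tag, so only addresses we minted are honoured later."""
    ip_hex = "".join(f"{int(o):02x}" for o in requester_ip.split("."))
    return f"u{ip_hex}-{_tag(ip_hex, secret)}@{domain}"


def parse_trap_address(addr: str, secret: bytes = SECRET,
                       domain: str = TRAP_DOMAIN):
    """Return the harvester IP encoded in a trap address, or None if the
    address is not ours (wrong domain, wrong shape or bad tag)."""
    m = re.fullmatch(r"u([0-9a-f]{8})-([0-9a-f]{12})@(.+)", addr.strip().lower())
    if not m or m.group(3) != domain:
        return None
    ip_hex, tag = m.group(1), m.group(2)
    if not hmac.compare_digest(tag, _tag(ip_hex, secret)):
        return None
    return ".".join(str(int(ip_hex[i:i + 2], 16)) for i in range(0, 8, 2))


_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg, our_mta: str = OUR_MTA):
    """Part two, trust boundary: only the Received line written by our own MTA
    records the real connecting IP; lines below it were supplied by the sender
    and can say anything."""
    for rcv in msg.get_all("Received", []):
        if f"by {our_mta}" in str(rcv):
            m = _BRACKETED_IP.search(str(rcv))
            if m:
                return m.group(1)
    return None


def process_trap_mail(raw_messages, our_mta: str = OUR_MTA):
    """Parse raw messages delivered to the trap domain and return
    (blacklist, harvesters): hit counts per sender IP and per harvester IP.
    Mail to an address we never minted is ignored, so nobody can get a third
    party listed by sending to an invented address at the trap domain."""
    blacklist, harvesters = Counter(), Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        rcpt = str(msg.get("X-Original-To") or msg.get("To") or "")
        harvester = parse_trap_address(rcpt)
        if harvester is None:
            continue
        ip = connecting_ip(msg, our_mta)
        if ip is None:
            continue
        blacklist[ip] += 1
        harvesters[harvester] += 1
    return blacklist, harvesters


# Constructed sample traffic (RFC 5737 documentation addresses throughout).
TRAP_ADDR = make_trap_address("198.51.100.7")
SAMPLE_MESSAGES = [
    # A spam run hits the minted address; the lower Received line is forged.
    "Received: from out.example ([203.0.113.9]) by mx.poof.twinwave.net with SMTP; "
    "Sun, 28 Sep 2003 17:00:00 -0600\n"
    "Received: from bogus ([192.0.2.1]) by out.example; Sun, 28 Sep 2003 16:59:00 -0600\n"
    f"From: sales@example.invalid\nTo: {TRAP_ADDR}\nSubject: offer\n\nbuy now\n",
    # Mail to a guessed address at the trap domain: not ours, so not counted.
    "Received: from other.example ([203.0.113.50]) by mx.poof.twinwave.net with SMTP; "
    "Sun, 28 Sep 2003 17:05:00 -0600\n"
    "From: x@example.invalid\nTo: joeuser@poof.twinwave.net\nSubject: hi\n\nhello\n",
]

if __name__ == "__main__":
    bl, hv = process_trap_mail(SAMPLE_MESSAGES)
    print("blacklist:", dict(bl))
    print("harvesters:", dict(hv))
```

The tag matters for the "blindly forward everything unused into the parser" step: without it, anyone who knows the trap domain can send to an arbitrary address there from a forged or borrowed source and get that source listed. Reading the connecting IP only from the MTA's own Received line protects against the same trick at the header level.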