Honeypots mailing list archives
Re: Using specialized honeypots to build up-to-date spam blacklists?
From: "Jens Knoell" <jens () ing twinwave net>
Date: Mon, 29 Sep 2003 22:53:38 -0600
Hi Gregory On Monday, September 29, 2003 7:34 [GMT-7], Gregory Deatz wrote:
I'm very interested in interesting ways to help prevent spam, and your idea sounds really cool except this: Once the "spammers out there" figure out that poof.twinwave.net is poison, "poof.twinwave.net" would then be "reverse-blacklisted", so your solution would only work for a short while. I think.
Depends on what page you use to inject the emails into. You don't even have to create a fake page if you have a real webpage which you could use for this purpose.
[...] How do you propose to deal with the "attack-back" of the spammers eventually ignoring your poison web-page? We normal folk have spammer blacklists, and spammers would have spam-poison blacklists.
Lets suppose you have a legit webpage, offering information on something. You poison that page with fake email links... If spammers catch on and blacklist that page, you have achieved two goals: - Spammers won't harvest your page/domain anymore - Spammers have additional work to find and eliminate such traps Either case, you win. And, to make things harder, you can add a little bit of nastyness. My regular domain is @ing.twinwave.net (I could also use @twinwave.net, which is currently not in use). It has valid email addresses on it, and they do get spam. Now, currently there is no catch-all address for @ing.twinwave.net, i.e. if you'd send a mail there to bogus () ing twinwave net it'd bounce. If ISP's or even domain owners would go ahead and add a catchall which feeds into the analysis/filter script, then you're ready to rock and roll. _That_ should be hard to blacklist. And if they blacklist it... success for me, because my customers would not get any more spam either. I've already set up a little experiment on a moderatly well visited page (has about 5000 unique visitors per month), and the analyze script is being worked on as well. For now, it only produces some stats. Jens
Current thread:
- Using specialized honeypots to build up-to-date spam blacklists? Jens Knoell (Sep 28)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Valdis . Kletnieks (Sep 29)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Gregory Deatz (Sep 29)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Jens Knoell (Sep 30)