Honeypots mailing list archives

Re: Using specialized honeypots to build up-to-date spam blacklists?

From: "Jens Knoell" <jens () ing twinwave net>
Date: Mon, 29 Sep 2003 22:53:38 -0600

Hi Gregory

On Monday, September 29, 2003 7:34 [GMT-7], Gregory Deatz wrote:

I'm very interested in interesting ways to help prevent spam, and your
idea sounds really cool except this:  Once the "spammers out there"
figure out that poof.twinwave.net is poison, "poof.twinwave.net" would
then be "reverse-blacklisted", so your solution would only work for a
short while.  I think.


Depends on what page you use to inject the emails into. You don't even have
to create a fake page if you have a real webpage which you could use for
this purpose.

[...]
How do you propose to deal with the "attack-back" of the spammers
eventually ignoring your poison web-page?  We normal folk have spammer
blacklists, and spammers would have spam-poison blacklists.


Lets suppose you have a legit webpage, offering information on something.
You poison that page with fake email links...

If spammers catch on and blacklist that page, you have achieved two goals:
- Spammers won't harvest your page/domain anymore
- Spammers have additional work to find and eliminate such traps
Either case, you win.

And, to make things harder, you can add a little bit of nastyness. My
regular domain is @ing.twinwave.net (I could also use @twinwave.net, which
is currently not in use). It has valid email addresses on it, and they do
get spam. Now, currently there is no catch-all address for
@ing.twinwave.net, i.e. if you'd send a mail there to bogus () ing twinwave net
it'd bounce. If ISP's or even domain owners would go ahead and add a
catchall which feeds into the analysis/filter script, then you're ready to
rock and roll. _That_ should be hard to blacklist. And if they blacklist
it... success for me, because my customers would not get any more spam
either.

I've already set up a little experiment on a moderatly well visited page
(has about 5000 unique visitors per month), and the analyze script is being
worked on as well. For now, it only produces some stats.

Jens

Current thread:

Using specialized honeypots to build up-to-date spam blacklists? Jens Knoell (Sep 28)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Valdis . Kletnieks (Sep 29)
- Re: Using specialized honeypots to build up-to-date spam blacklists? Gregory Deatz (Sep 29)
  - Re: Using specialized honeypots to build up-to-date spam blacklists? Jens Knoell (Sep 30)