[Michael T. Babcock] E-mail spam honeypots


What's a honey pot? A honey pot is a way of attracting a target on purpose to analyze their behaviour. In this case I'm speaking specifically of E-mail honeypot addresses.

Sounds strange

"So you're collecting spam on purpose?" you may ask, and you'd be correct. Yes, I have purposeful spam-collection addresses not-so-well-hidden on all my web pages. These addresses are designed to be collected by spider bots that pick up our E-mail accounts on a regular basis. However, as the spammers send messages to these accounts, they identify themselves as spammers because, as you may have guessed, they are unique and not used for normal E-mail traffic at all.

For example, I have a few really obvious addresses like "imaspammer-blockme@mikebabcock.ca" that I might drop on a website. If you were so silly as to send me a message to that address, your future E-mails would not be certainly blocked, but would be sent off to several places that do spam reporting, including Vipul's Razor and my local Spamassassin Bayes database.

Sounds like effort

I have my qmail aliases configured to drop incoming mail from those accounts into an mbox file. That mbox file is then periodically locked and set aside by a service (you could use cron) and that copy is analyzed and reported on. I can also do some other analysis on these files as they pass through at that time, but a simple spamassassin -r --mbox /var/spool/mail/spam.mbox will do for most people.

My way works better

Well then feel free to share it.

Stumble it! XFN Friendly Powered by DJBDNS Powered by Zope Valid CSS! Website Security Test

Served by:  Zope 2.7.6

Page Copyright © 2014, Michael T. Babcock. All Rights Reserved.

To contact me, send an E-mail to sawyoursite at this domain.

If you'd really like your mail server reported for spam, send me some junk mail to junk-yum@mikebabcock.me or devnull@mikebabcock.me. This site powered by djbdns