Yahoo Groups archive

Milter-greylist

Re: [RFC] distributed spam traps, improved

2006-04-04 by Alan Clifford

On Tue, 4 Apr 2006, Emmanuel Dreyfus wrote:

ED> 
ED> The spam traps would be e-mail addresses released in web pages. The 
ED> DSTnet would work by exchanging messages in real time from site to 
ED> site. I already wrote the software that does that.
ED> 

I had a page on my website for a few weeks during 2004 with my musings on 
co-operative spam fighting (The page is still there 
http://www.clifford.ac/cooperativespamfighting.html and is visited by 
crawlers and I get email to the example honeypot address, even though 
there are no links to it from my website).

My premise then was, basically, that if everyone in the world had a second 
email address, indistinguishable from a real address, and the databases of 
the spamming fraternity could be polluted with those addresses, then spam 
to real addresses would be halved.  What if we all had a thousand false 
addresses?

Expanding on that, suppose I gave you a subdomain (as is done at 
http://www.projecthoneypot.org) such that any mail sent to, say, 
@...-seine.net, was sent to, and accepted by, your server.
You (you being some co-operative entity) would pollute the spamworld with 
addresses at donated subdomains and collect the IPs of any mail sent to 
those addresses.

Your scoring scheme, with the score rising and falling over time, would 
fit in here.  If you received a large quantity of spam to the honeypot 
domains, even from legitimate ISP servers, then they would deserve to be 
blacklisted.  You could publish a level such as "192.168.0.1 has emitted 
spam at a rate of 1500 per hour over the past 24 hours" and I, as a user, 
could decide what trigger level to put in the milter that you are going to 
write.

Maybe this has all been tried before, I don't know.  However, I think the 
key is publicity.  If a large ISP gets a "Dreyfus score" above 1000, they 
need to be outed in the national and international press and that would 
need to be worked on as well as the technical side.

-- 
Alan

( Please do not email me AS WELL as replying to the list.  Please 
  address personal email to alan+1@ as lists@ is not read. A
  password autoresponder may be invoked if this email is very old. )
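
The per-IP level and user-chosen trigger described in the message above, as an added example that is not part of the original post or of milter-greylist. The log line format, the names `TrapScores` and `over_trigger`, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # "over the past 24 hours"

class TrapScores:
    """Hypothetical per-IP tally of mail delivered to honeypot addresses."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.hits = defaultdict(deque)  # sender IP -> delivery times, oldest first

    def record(self, line):
        # Assumed log format: "<ISO time> <sender IP> <trap address>"
        stamp, ip, _trap = line.split()
        self.hits[ip].append(datetime.fromisoformat(stamp))

    def rate_per_hour(self, ip, now):
        q = self.hits.get(ip)
        if not q:
            return 0.0
        cutoff = now - self.window
        while q and q[0] <= cutoff:  # old hits expire, so the score falls again
            q.popleft()
        return len(q) / (self.window.total_seconds() / 3600)

    def published_level(self, ip, now):
        rate = self.rate_per_hour(ip, now)
        return f"{ip} has emitted spam at a rate of {rate:g} per hour over the past 24 hours"

def over_trigger(scores, ip, now, trigger):
    """The recipient's own decision: compare the published rate with a local trigger."""
    return scores.rate_per_hour(ip, now) >= trigger

def build_sample():
    """Constructed data: one busy sender and one occasional sender."""
    start = datetime(2006, 4, 4)
    scores = TrapScores()
    for i in range(48):  # one trap delivery every 30 minutes
        t = start + timedelta(minutes=15 + 30 * i)
        scores.record(f"{t.isoformat()} 192.0.2.10 trap{i % 5}@sub.example.net")
    for h in (1, 9, 17):
        t = start + timedelta(hours=h)
        scores.record(f"{t.isoformat()} 198.51.100.7 trap0@sub.example.net")
    return scores, start + timedelta(hours=24)

if __name__ == "__main__":
    scores, now = build_sample()
    print(scores.published_level("192.0.2.10", now))
```

Expired hits are discarded as they are read, so `now` is expected to move forward between calls and log lines are expected in time order per sender.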
