I'll just ask: why is there such resistance to open relay and open proxy
honeypots? A huge proportion of spam is delivered via a path that uses one
or both. It's dirt simple to run a honeypot, deceiving the spammers. Why
is it so hard to get people to recognize the power?

If you are interested in researching how spammers operate you can get a
good sampling of spam sent directly to you, courtesy of the spammer. I
delivered 3 or 4 spammer relay tests in February and trapped over 2800 spam
messages, most with 99 recipients. I can see much of how he operates (and
the mistakes he makes, like putting the "meet Russian women" subjects on
his MMF spam). I can see how he mixes the three spams in his run ("Viagra,"
meet Russian women, MMF).

None of that is vital. The point is that my view of the spamming operation
is in some ways better than the view of someone who only has spamtrap
addresses. I can see, for instance, that this spammer appears to have
stopped spamming AOL addresses shortly after AOL made the big press splash
about trapping 1 billion messages in a single day. serious

Nothing I do interferes with any legitimate email, nothing I do depends on
an algorithm to detect spam. I don't need an algorithm: the spammer sends
spam via abuse pathways - he's already done the filtering. Someone
responsible for a subnet could divert all illicit SMTP and proxy traffic
aimed at systems on that subnet to a single honeypot. Once you divert the
traffic you are in a position to make use of it, as you choose, to
inconvenience the spammer. Why not do it?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
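
As an added illustration of the open relay honeypot idea in the message above (not part of the original post and not the author's own honeypot), here is a minimal SMTP sink that accepts any sender and recipient, reports success, and stores the message instead of relaying it. The class names, the `relay.example.invalid` banner and the 127.0.0.1:2525 bind address are assumptions; unlike the setup the author describes, this sketch traps everything and delivers no relay tests.

```python
import json
import socketserver

class SinkSession:
    """One SMTP dialogue: accept any sender and recipient, store the mail, relay nothing."""

    def __init__(self, peer):
        self.peer, self.trapped, self.in_data = peer, [], False
        self.sender, self.rcpts, self.body = None, [], []

    def feed(self, line):
        """Take one client line (CRLF stripped); return the reply, or None inside DATA."""
        if self.in_data:
            if line != ".":  # still in the body: undo SMTP dot-stuffing and collect
                self.body.append(line[1:] if line.startswith(".") else line)
                return None
            self.in_data = False
            self.trapped.append({"peer": self.peer, "from": self.sender,
                                 "rcpts": self.rcpts, "body": "\n".join(self.body)})
            self.sender, self.rcpts, self.body = None, [], []
            return "250 OK queued"  # sender sees success; nothing is delivered
        verb = line.strip().upper()
        if verb.startswith("MAIL FROM:"):
            self.sender, self.rcpts = line.strip()[10:].strip(), []
        elif verb.startswith("RCPT TO:"):
            self.rcpts.append(line.strip()[8:].strip())  # any domain, as an open relay would
        elif verb == "DATA":
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        elif verb == "QUIT":
            return "221 Bye"
        return "250 OK"  # HELO/EHLO and anything else: stay permissive

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        session = SinkSession(self.client_address[0])
        self.wfile.write(b"220 relay.example.invalid ESMTP\r\n")  # placeholder host name
        for raw in self.rfile:
            reply = session.feed(raw.decode("latin-1").rstrip("\r\n"))
            if reply:
                self.wfile.write(reply.encode("ascii") + b"\r\n")
            if reply == "221 Bye":
                break
        for msg in session.trapped:
            print(json.dumps(msg))  # one JSON line per trapped message

if __name__ == "__main__":  # assumed bind address; diverted SMTP traffic is pointed here
    socketserver.ThreadingTCPServer(("127.0.0.1", 2525), Handler).serve_forever()
```

Each trapped record keeps the connecting address, envelope sender and full recipient list, which is the per-run view of recipients and subjects the message describes.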