At 02:37 PM 4/3/2003 -0800, you wrote:
> These discussions (which mostly I've seen in NANAE) drive me nuts. I get
> spam in my account, I know it's spam. More to the point I trap relay spam
> to thousands of people using a honeypot. I don't need any definition to
> check on that: it's spam. I'd be certifiably nuts if I fretted over what I
> trapped being spam or not.
Clearly everything that is received by a honey pot is almost
certain to be indiscriminate. There is a small chance that
a message could get in one honeypot through accidental
mistyping of a name.
Not really. The honeypot is a relay - you'd have to use the honeypot as
SMTP server for the mail to reach the honeypot.
At its purest the honeypot can be an IP address with no name
attached. You have to work very hard to come up with a scenario in which
anything but spam comes to such a relay.
It is almost certain that any message that
shows up in multiple honeypots is spam.
There are a few, a very few cases where a mail sent to a honeypot
could be wanted by someone else. The only case that I think is
likely to be widespread is rare public service announcements which
is something that can only be dealt with through a whitelisting
approach in any case.
Still, the honeypot (as I intend the term) is a fake open relay. No PSM
should be sent through open relays.
I don't like the idea of defining spam in a way that seems to
approach 'spam is what our filters say is spam'.
It's not a definition of all spam. It's a recognition of what it is the
honeypot receives.
Alternately you can call it unauthorized relay email - URE, so even if
spammy relays a message to his mom it is valid to not deliver it.
> There's a reason for everyone to use honeypots right there: you can forget
> worrying about the definition of spam. If you trap it then it's
> spam. Boom. end of discussion.* If you don't somebody else is dealing
> with whether or not it meets the criteria, whatever "it" is.
Some spam might not show up in honeypots though. For example
the spam that spamarrest sent to all the people who sent email
to its users.
Scelson spam never will, all direct spam is immune to honeypots. It's a
sitting duck for blocklists, though. My goal is to see relay spam end
(including spam through open proxies.) If there's still direct spam I want
that to end too, but honeypots won't have any real effect on that. I'll
become a spectator.
Spam = Unwanted and indiscriminate messages
Works fine here.
Sure. What I capture = spam works fine for me.
Actually, what I capture = relay tests is my current mode of operation - I
don't normally let the spammer relay tests go on to their
destination. Last month I did deliver a few test messages and got spam for
200,000 or so recipients. 99-recipient spam. I retained all of
it. Mid-month I probably will let another test go through. I'm interested
in seeing what spam follows which relay test.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
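
The fake open relay described in the message above, sketched as an added example; it is not the poster's code or part of the original thread. It accepts any sender and recipient, answers as if the mail were relayed, and only stores what it receives. The names `Session`, `CAPTURED` and `Handler`, the hostname `relay.example`, and the loopback port 2525 are assumptions made for the sketch.

```python
import socketserver

CAPTURED = []  # held relay attempts (in-memory store assumed here); nothing is forwarded

class Session:
    def __init__(self, peer):
        self.peer, self.in_data = peer, False
        self.reset()

    def reset(self):
        self.mail_from, self.rcpts, self.body = None, [], []

    def feed(self, line):
        """Take one line without CRLF; return the reply, or None while inside DATA."""
        if self.in_data and line != ".":
            self.body.append(line[1:] if line.startswith(".") else line)  # undo dot-stuffing
            return None
        if self.in_data:
            self.in_data = False
            CAPTURED.append({"peer": self.peer, "mail_from": self.mail_from,
                             "rcpts": self.rcpts, "data": "\n".join(self.body)})
            self.reset()
            return "250 OK queued"  # the sender sees success; the message is only stored
        cmd, _, arg = line.strip().partition(":")
        cmd = cmd.upper()
        if cmd.startswith(("HELO", "EHLO")):
            return "250 relay.example"
        if cmd == "MAIL FROM":
            self.reset()
            self.mail_from = arg.strip()
            return "250 OK"
        if cmd == "RCPT TO":
            self.rcpts.append(arg.strip())  # any recipient domain is accepted
            return "250 OK"
        if cmd == "DATA":
            self.in_data = True
            return "354 end with <CRLF>.<CRLF>"
        return "221 bye" if cmd == "QUIT" else "502 not implemented"

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        s = Session(self.client_address[0])
        self.wfile.write(b"220 relay.example ESMTP\r\n")
        for raw in self.rfile:
            reply = s.feed(raw.decode("latin-1").rstrip("\r\n"))
            if reply:
                self.wfile.write(reply.encode() + b"\r\n")

if __name__ == "__main__":
    socketserver.ThreadingTCPServer(("127.0.0.1", 2525), Handler).serve_forever()
```

Each entry in `CAPTURED` keeps the peer address, envelope sender, full recipient list and body of one relay attempt, which is the record needed to compare what arrives at several honeypots.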