At 11:20 AM 4/4/2003 -0500, you wrote:
> Process question. How do you become a relay honeypot without being
> blacklisted?

Spammers scan for open relays. When they find you, you become (more often
than not) an active honeypot. I got checked about 15 minutes ago - a
recipient (dropbox) I don't recognize. The weekend is coming up - I'll see
if I get spam (I decided to deliver this one.)

At least one operator has reported enhanced results by being blacklisted -
he nominated himself. Open relay DNSBLs list the open relays. If the IP
you are using will never be a spam source then having it blacklisted causes
no harm to any valid email. It does cause harm to the spammer who gets his
lists of open relays by consulting a blacklist.

Originally I ran a combined server/honeypot (I separated relay spam from
valid email.) I got blacklisted. It was (still is) an .edu IP. In
reality the number of times a user complained about blocked delivery was so
small it wasn't a problem (plus I smart-hosted the server/honeypot to an IP
that wasn't blacklisted for a long time.)

I think blacklists should be salted with honeypots - it's about as easy a
way to give spammers grief as I can imagine. Salt them enough and the
spammers will stop using them as lists of open relays. Maybe I'm weird but
I always find it funny when a spammer sends relay spam to a honeypot - in
addition to its function, a salted-address honeypot could be a source of
amusement. It's REALLY funny (to me) to deliver a relay test in the middle
of the spam run - Spammy has tumbled somewhat to the fact that his
responses are zip from the spam sent to that particular relay and he's
checking it. He sees: no problem, it relays fine. How can you not laugh?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg