ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Relay honeypots (RE: [Asrg] define spam)

2003-04-04 09:58:08
from [Paul Judge] [Permanent Link] 
Changing subject of this thread.


-----Original Message-----
From: Brad Spencer [mailto:brad(_dot_)madison(_at_)mail(_dot_)tds(_dot_)net] 
Sent: Friday, April 04, 2003 11:44 AM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] define spam


At 11:20 AM 4/4/2003 -0500, you wrote:


Process question.  How do you become a relay honeypot without being
blacklisted?


Spammers scan for open relays.  When they find you you become 
(more often 
than not) an active honeypot.  I got checked about  15 
minutes ago - a 
recipient (dropbox) I don't recognize.  The weekend is coming 
up - I'll see 
if I get spam (I decided to deliver this one.)

At least one operator has reported enhanced results by being 
blacklisted - 
he nominated himself.  Open relay DNSBL's list the open 
relays.  If the IP 
you are using will never be a spam source then having it 
blacklisted causes 
no harm to any valid email.  It does cause harm to the 
spammer who gets his 
lists of open relays by consulting a blacklist.

Originally I ran a combined server/honeypot (I separated 
relay spam from 
valid email.)  I got blacklisted.  It was (still is) an .edu IP.  In 
reality the number of times a user complained about blocked 
delivery was so 
small it wasn't a problem (plus I smart-hosted the 
server/honeypot to an IP 
that wasn't blacklisted for a long time.)

I think blacklists should be salted with honeypots - it's 
about as easy a 
way to give spammers grief that I can imagine.  Salt them 
enough and the 
spammers will stop using them as lists of open relays.  Maybe 
I'm weird but 
I always find it funny when a spammer sends relay spam to a 
honeypot - in 
addition to its function a salted-address honeypot could be a 
source of 
amusement.  It's REALLY funny (to me) to deliver a relay test 
in the middle 
of the spam run - Spammy has tumbled somewhat to the fact that his 
responses are zip from the spam sent to that particular relay 
and he's 
checking it.  He sees: no problem, it relays fine.  How can 
you not laugh?

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] define spam, Brad Spencer
Next by Date:  Re: [Asrg] define spam, Brad Spencer
Previous by Thread:  RE: [Asrg] Taxonomy and List of Requirements, Paul Judge
Next by Thread:  Re: Relay honeypots (RE: [Asrg] define spam), Kee Hinckley
Indexes:  [Date] [Thread] [Top] [All Lists]