At 02:22 PM 4/4/2003 -0500, you wrote:
> Given that blacklisters range from those who block the IP, to those who
> block an entire range of IPs. And given that you are depending on
> blacklisters testing for delivery and not just existence. And given that
> the detection process has to be manual, and has to distinguish between
> blacklister tests and spammer tests. I don't think you are going to find
> a lot of people willing to set up honeypots of this type.

I doubt many base their decision on what you've identified, I doubt saying
anything about it will have an effect, but I think you greatly
over-estimate that potential problem. You'd have to have an over-eager
blocklist that concentrates on open relays and that actively searches for
the same. That's no one I know of.

I usually just accept the test messages and don't deliver them - my current
interest is in that aspect of the spamming problem. I'd be very glad to
see many more people setting up systems just to trap relay tests, no
more. If the tests were reported (say in NANAS) that would help describe
the spammer test practices to a wider audience. The person running the
honeypot could learn more about how the spammers test in his portion of the
internet and quite easily could see and identify a new form of relay
test. I trap some tests with addressees that are so extreme
(letsmurderantispammers(_at_)yahoo(_dot_)com) that I have to believe the spammer
actually relies on the bounces (to, for instance,
gutter554de(_at_)hotmail(_dot_)com). What else might be discovered?

The spam problem is not solved; relay tests are a key part of much spam. I
think it is worth the tiny amount of effort involved to trap the tests. If
the ISP (in the example case, PacBell) of the spammer was at all responsive
then there could even be action taken. In the absence of action all I have
is documentation of inaction. That may be worthless - maybe not.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg