ietf-asrg
[Top] [All Lists]

Re: [asrg] 6. proposal of solution: Using Relay Honeypots to Reduce Spam

2003-04-16 07:31:18
From: "Jon Kyme" <jrk(_at_)merseymail(_dot_)com>

Honeypots add to the solution and do not interfere. Honeypot-trapped spam
can also be used to feed into the DCC and Razor databases. No matter how
cleverly the spammers disguise the spammish nature of what they send it
is
known to be spam the instant a honeypot traps it.

It strikes me that this might be the most sensible sort of use
for honeypots.  So not exactly a "solution" then, but an assisting
technology?

That reasoning is exactly why a standard configuration of DCC clients
is to report unauthorized relay attempts with counts of "many."  After
a couple years, that reasoning is clearly wrong.  Only a very few of
the stupiest spammers pump more than a few 100 messages through a
system that answers relay attempts with "250 OK" but does not deliver.

It does not matter whether spammers are doing the obvious and including
undetectable drop-boxes in their spews.  (It is obviously impossible
for a honeypot operator to distinguish or detect one address that gets
a copy of every spam sent by a relay spammer and is monitored by the
spammer from every other address that gets a copy of every spam sent.)
What matters is that honeypots that don't deliver spam to victims
don't get used by spammers, while honeypots that do deliver spam are
no better than Spamfords paid "Bandwidth Partners" and must be treated
like the spammers they are.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg