Setting up a fake email address to trap spammers


Solution 1

Has anyone else tried this:

  • Certainly, yes. Almost every anti-spam service out there uses them; the industry term is "spamtraps".

How do you go about doing it?

  • Normally, find an address in one of the domains which receives a lot of spam and confirm with the owner that it is not in use and they have no plans to resurrect it. This process can be (partially) automated.

Does it work?

  • Yes. The most useful thing is that, as you can guarantee that messages sent to traps are spams, you can use it to calibrate the effectiveness of an engine at any given time, to measure how well you're doing at blocking spam (false negatives) - provided you have a sufficiently large sample of spamtraps; most anti-spam companies would have hundreds or thousands.
  • They can also be used by automatic learning systems to "learn" stuff about spams. But that could learn about spam sent to non-spamtrap addresses too (of course, you're never 100% sure it's a spam if it's sent to a non-spamtrap address).
  • "Blacklisting" sender addresses is not normally used. This is because apparent spammers usually invent garbage sender addresses anyway, and because apparent spammers occasionally reform their ways and start sending clean mail.
  • IP address blacklisting isn't used (in a simplistic form) either, for the same reason; "bad" IP addresses can start being "good", so if you had a blanket ban, legitimate mail would end up being blocked.

Normally you wouldn't use just a single address; that wouldn't be enough. Try a few hundred spread throughout all your domains (for a start).

You can advertise them if you like, but if your domains are sufficiently well-known to spammers, candidate spamtrap addresses probably already exist within them (they are probably mailboxes which don't exist on your end-user systems).

Whole spamtrap domains can be set up - I'm sure many companies use these - either buy second-hand domains or register realistic-sounding ones with a plausible (albeit fake) web site. Subdomains can work too. Spamtrap domains are handy because you can set them up with keywords or in specific top-level domains that spammers might be targeting.
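As an added example (not code from the thread), the calibration use described above: every message addressed to a trap is spam by definition, so the share of trap mail the filter let through is a direct false-negative measurement. The log format, trap addresses and IPs are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the page): one line per delivery
# attempt, with the filter's verdict on that message.
SAMPLE_LOG = """\
2024-01-05T10:00:01 from=deals@example.net ip=203.0.113.7 rcpt=oldsales@example.org verdict=spam
2024-01-05T10:00:02 from=x9f2@example.net ip=203.0.113.7 rcpt=oldsales@example.org verdict=clean
2024-01-05T10:00:03 from=alice@example.com ip=198.51.100.4 rcpt=bob@example.org verdict=clean
2024-01-05T10:00:04 from=kq77@example.net ip=203.0.113.9 rcpt=retired@example.org verdict=spam
2024-01-05T10:00:05 from=promo@example.net ip=203.0.113.9 rcpt=retired@example.org verdict=spam
2024-01-05T10:00:06 from=carol@example.com ip=198.51.100.5 rcpt=oldsales@example.org verdict=clean
"""

# Hypothetical spamtrap set: former mailboxes confirmed unused by their owner.
TRAPS = {"oldsales@example.org", "retired@example.org"}

LINE_RE = re.compile(r"from=(\S+) ip=(\S+) rcpt=(\S+) verdict=(\S+)")


def parse_log(text):
    """Return a list of (sender, ip, recipient, verdict) tuples."""
    return [m.groups() for m in map(LINE_RE.search, text.splitlines()) if m]


def trap_calibration(records, traps):
    """Messages to a trap are spam by definition, so the share the filter
    marked anything other than 'spam' is its false-negative rate on this sample."""
    trap_msgs = [r for r in records if r[2] in traps]
    missed = [r for r in trap_msgs if r[3] != "spam"]
    rate = len(missed) / len(trap_msgs) if trap_msgs else 0.0
    return {"trap_messages": len(trap_msgs), "missed": len(missed),
            "false_negative_rate": rate}


def trap_hits_by_ip(records, traps, min_hits=2):
    """Source IPs that hit traps at least min_hits times. Requiring repeated
    hits, rather than a blanket ban on a single hit, limits the damage from a
    one-off misdirected message, in line with the answer's IP caveat."""
    hits = Counter(r[1] for r in records if r[2] in traps)
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(trap_calibration(recs, TRAPS))
    print(trap_hits_by_ip(recs, TRAPS))
```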

Solution 2

Project Honey Pot may give you some ideas as to methods and effectiveness. If you want, you can subscribe to their blacklist and let them handle all this.

I am confused as to what you mean by "legitimate senders using harvested addresses" - I would, in almost all cases, deem such a sender illegitimate by definition.

Solution 3

I have not tried this method, but I think [unless you handle tens of thousands of mailboxes] you'll be much better off using an anti-spam system that takes decisions based on multiple RBLs and content checks like DCC / Razor / Pyzor.

Many RBLs use spam traps on a much wider scale than I think you could deploy.

Solution 4

My concern with blacklisting every sender is that it is fairly easy to spoof who sent an email.

Solution 5

Hmm... Just adding my opinion to the discussion.

I don't think this method has a good success rate. Just had a look at a bunch of spam. Generally spammers use fake email addresses while spamming and they never use the same address again and again. So blacklisting the email addresses or domains would not be a good solution.

But your hidden address thing seems to be a nice idea. Since the actual users do not see it and only a crawler can filter out the email address you can assume that only the spammers will get that address.

Then you can integrate that idea with IP addresses. If the mails sent to the hidden address are coming from some IP range you can just assume that IP range is a spamming range.

But in my view the result you are gaining by this is not worthwhile considering the effort. I think the content-based filtering mechanisms are more fruitful than this "honey pot" mechanism.

phirschybar

Updated on September 17, 2022

Comments

  • phirschybar
    phirschybar almost 2 years

    I have heard it suggested that we set up a special email address, with its only purpose being to be harvested, then blacklist every sender that targets this address.

    I'm wondering:

    • if anyone else has tried this
    • how do you go about doing it (i.e. put the address in a hidden field on your website - or better ways?)
    • does it work?
    • Is there anything to watch out for when trying this (i.e. legitimate senders using harvested addresses?)
  • phirschybar
    phirschybar about 15 years
    We already have a pretty good spam filter in place. I'm considering this as an additional measure, as blacklisting would reduce the load on the mail filters.
  • pQd
    pQd about 15 years
    If anyone is going to blacklist anything I would definitely do it based on IP, not sender mail address.
  • GreenKiwi
    GreenKiwi about 15 years
    This seems like a good place to just use someone else's hard work creating/managing the blacklist.
  • Andy
    Andy about 15 years
    Good point. But do spammers have more difficulty in spoofing an IP? Genuinely curious.
  • user267202
    user267202 about 15 years
    Yes, it's more difficult. Plus they have less reason to do it.
  • MarkR
    MarkR about 15 years
    Forgot to mention, I work for a major antispam company :)
  • ceejayoz
    ceejayoz about 15 years
    "I think the content based filtering mechanisms are fruitful than this "Honey pot" machanism." Honey pots can be wonderful for getting the content to filter against. You set one up and use it to seed your content filters.
  • Alene Vandermyde
    Alene Vandermyde over 13 years
    Note that if you're setting up traps on a domain that also receives legitimate mail, you should choose addresses which, while plausible-looking, are sufficiently distinct from any extant, legitimate addresses to preclude the possibility of a typo leading to a blacklisting. Likewise, understand the trade-off between using an "inactive" address and a new address as a spamtrap: The former gives you more coverage, but risks false positives from, e.g., emails forwarded by legitimate, non-commercial senders to a large number of addresses.
  • Ben Ashton
    Ben Ashton over 12 years
    What happens when you get spam from someone behind a large NATed address? Entire hotels, schools etc will get blocked when using this technique if the offender / infected computer enters these networks.
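An added example (not from the thread) for the comment above about choosing trap addresses on a domain that also carries legitimate mail: candidate trap local parts are screened against the real mailboxes so that a one- or two-character typo cannot land a genuine sender on a blacklist. The mailbox names and the distance threshold are constructed assumptions.

```python
def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


# Constructed sample data: legitimate mailboxes on the domain, and the
# local parts someone proposed as spamtraps on that same domain.
LEGIT_LOCAL_PARTS = {"sales", "support", "jsmith", "mbrown"}
CANDIDATES = ["sale", "jsmiht", "oldsales", "retired-accounts", "supp0rt", "zq-archive"]


def screen_trap_candidates(candidates, legit, min_distance=3):
    """Split candidates into accepted trap names and rejected ones.

    A candidate is rejected when any legitimate local part is fewer than
    min_distance edits away (case-insensitive), because a typo or
    autocorrect slip could then deliver real mail to the trap.
    Returns (accepted_list, {rejected_candidate: [nearby_legit_names]}).
    """
    accepted, rejected = [], {}
    for cand in candidates:
        near = sorted(l for l in legit
                      if levenshtein(cand.lower(), l.lower()) < min_distance)
        if near:
            rejected[cand] = near
        else:
            accepted.append(cand)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = screen_trap_candidates(CANDIDATES, LEGIT_LOCAL_PARTS)
    print("usable traps:", ok)
    print("too close to real mailboxes:", bad)
```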