Automatic Honeypot
Idea shared by Rick Ryan - January 11 at 9:49 PM
Completed
An email system I used years ago had an automatic honeypot feature that automatically blacklisted any sender that sent an email to a specific address.  A pre-defined email address could be added to your web site in white on white or some other way that wouldn't be obvious to someone in a browser.  Spammers who are scraping would easily find the address.  No legit emailer would ever send a message to that address, and anyone who did would be blacklisted.  Thoughts?

6 Replies

1
Yes...Would be great.  
We operate a couple of email systems where you can identify a specific email as a "honeypot". And again... ANY email that hits that... the sending address and IP get marked with higher spam marks for X amount of minutes.
 
 
1
Sign us up! I like that.

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

0
Robert Emmett Replied
Employee Post
Rick, this is a great idea.  I have added this to our features request list for further consideration by the development team.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Thumbs up!
1
Well I'll pass on a little trick that works for me, but I won't go so far as recommending it to anyone.  We have multiple MX Records for all domains. We discovered that many spammers send to the lowest priority MX Record (highest numerical weight).  We also found that while the highest priority SMTP servers were online there were no legitimate messages sent to the lowest priority MX Record (highest numerical weight) server.
 
For example if you have:
IN MX 10 mainserver1.domain.com
IN MX 20 mainserver2.domain.com
IN MX 30 backupserver.domain.com
You will find that nothing but spam will be sent to backupserver.domain.com and will be sent to your main server for processing.
 
But if you change the above to:
IN MX 10 mainserver1.domain.com
IN MX 20 mainserver2.domain.com
IN MX 30 backupserver.domain.com
IN MX 40 dummyserver.domain.com
If you point dummyserver.domain.com to any server with port 25 closed, it will essentially honeypot or blackhole spam.
 
The only people that I know of that intentionally would send to the lowest priority (highest numerical weight) SMTP server when the higher priority servers are online are spammers. I have also found that spammers won't take the time to retry different servers.
 
Just my experience... your results may vary.
 
-Joe
1
Matt Petty Replied
Employee Post
This has been implemented in SmarterMail 17 as a spam filter.
Just some notes.
- You can block on the connection level if the IP matches one in the honeypot, granted the IP is not in the whitelist, is not a gateway, and was not IP Bypassed.
- There are 3 levels of spam score: Passed, Triggered, Listed.
- You can set any number of honeypot addresses. If these are found in the recipients of an email, the email is given the "Triggered" score.
- The honeypot addresses you set will automatically be accepted in SMTP regardless of whether this address is in use on your server or not.
- "Triggered" means that the email had a recipient that matched a honeypot address.
- "Listed" means that IP was found in the honeypot.
- "Passed" means the IP was not found in the honeypot nor was the email being delivered to a honeypot address.
 
If you have any questions at all let me know and I will do my best to respond. I'm happy we were able to include this, and other spam checks (stay tuned), in the SmarterMail 17 release!
 
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
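
The three outcomes and the connection-level check described in the post above, modelled as an added example; this is not SmarterMail's code and not part of the original thread. The class name `HoneypotFilter`, the listing lifetime, case-insensitive address matching, folding whitelist, gateway and bypassed IPs into one exempt set, and not listing exempt senders are all assumptions made for illustration.

```python
import ipaddress
import time


class HoneypotFilter:
    """Illustrative model of the Passed / Triggered / Listed outcomes."""

    def __init__(self, honeypot_addresses, exempt_networks=(), listing_seconds=3600):
        # Assumption: honeypot addresses are matched case-insensitively.
        self.honeypots = {a.strip().lower() for a in honeypot_addresses}
        # Assumption: whitelisted, gateway and bypassed IPs form one exempt set.
        self.exempt = [ipaddress.ip_network(n) for n in exempt_networks]
        self.listing_seconds = listing_seconds  # assumed lifetime of a listing
        self.listed = {}  # source IP -> expiry timestamp

    def _is_exempt(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.exempt)

    def is_listed(self, ip, now=None):
        now = time.time() if now is None else now
        expiry = self.listed.get(ip)
        if expiry is None:
            return False
        if expiry <= now:  # listing has aged out, forget it
            del self.listed[ip]
            return False
        return True

    def should_block_connection(self, ip, now=None):
        """Connection-level check: the IP is listed and not exempt."""
        return self.is_listed(ip, now) and not self._is_exempt(ip)

    def score(self, ip, recipients, now=None):
        """Return 'Triggered', 'Listed' or 'Passed' for one message."""
        now = time.time() if now is None else now
        if any(r.strip().lower() in self.honeypots for r in recipients):
            # Assumption: exempt senders are scored but never listed.
            if not self._is_exempt(ip):
                self.listed[ip] = now + self.listing_seconds
            return "Triggered"
        if self.is_listed(ip, now):
            return "Listed"
        return "Passed"


if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    f = HoneypotFilter(["trap@example.com"], ["192.0.2.0/24"], listing_seconds=600)
    for rcpts in (["user@example.com"], ["trap@example.com"], ["user@example.com"]):
        print(rcpts, f.score("203.0.113.7", rcpts))
```

Passing an explicit `now` value makes the expiry behaviour reproducible when testing a rule set before enabling connection-level blocking.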
