Automatic Honeypot
Idea shared by Rick Ryan - January 11 at 9:49 PM
Under Consideration
An email system I used years ago had an automatic honeypot feature that automatically blacklisted any sender that sent an email to a specific address.  A pre-defined email address could be added to your web site in white on white or some other way that wouldn't be obvious to someone in a browser.  Spammers who are scraping would easily find the address.  No legit emailer would ever send a message to that address, and anyone who did would be blacklisted.  Thoughts?

5 Replies

1
Yes... Would be great.
We operate a couple of email systems where you can identify a specific email as a "honeypot". And again... for ANY email that hits that, the sending address and IP get marked with higher spam marks for X amount of minutes.
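The mechanism described in the original post and in the reply above, sketched as an added example (not part of the thread and not SmarterTools code): any delivery to the trap address penalises the sending address and IP for a fixed window. The trap address, the 60-minute window and the log format are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

HONEYPOT = "trap@example.com"      # hypothetical trap address hidden on the web site
PENALTY = timedelta(minutes=60)    # assumed value for the "X amount of minutes"

# Constructed sample delivery log: timestamp, client IP, envelope sender, recipient
SAMPLE_LOG = """\
2024-01-11T21:00:00 203.0.113.7 bulk@spam.example trap@example.com
2024-01-11T21:05:00 203.0.113.7 other@spam.example alice@example.com
2024-01-11T21:10:00 198.51.100.4 bob@partner.example alice@example.com
2024-01-11T21:20:00 192.0.2.9 bulk@spam.example alice@example.com
2024-01-11T22:30:00 203.0.113.7 other@spam.example alice@example.com
"""

def classify(log_text, honeypot=HONEYPOT, penalty=PENALTY):
    """Return (verdicts, expires): one verdict per log line and the penalty table."""
    expires = {}    # ("ip", value) or ("sender", value) -> time the penalty ends
    verdicts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                      # skip blank or malformed lines
        ts = datetime.fromisoformat(fields[0])
        ip, sender, rcpt = fields[1], fields[2].lower(), fields[3].lower()
        keys = [("ip", ip), ("sender", sender)]
        if rcpt == honeypot.lower():
            # Nobody legitimate knows this address: penalise both identifiers.
            for key in keys:
                expires[key] = ts + penalty
            verdicts.append("trap")
        elif any(expires.get(key, datetime.min) > ts for key in keys):
            verdicts.append("penalised")  # still inside the penalty window
        else:
            verdicts.append("accept")
    return verdicts, expires

if __name__ == "__main__":
    results, _ = classify(SAMPLE_LOG)
    for verdict, line in zip(results, SAMPLE_LOG.splitlines()):
        print(f"{verdict:10} {line}")
```

The envelope sender can be forged, so the IP entry is the more reliable of the two keys; a time-limited score bump, as in the reply, limits the damage when a forged sender address gets caught.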
 
 
1
Sign us up! I like that.

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

0
Robert Emmett Replied
Employee Post
Rick, this is a great idea.  I have added this to our features request list for further consideration by the development team.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Thumbs up!
1
Well I'll pass on a little trick that works for me, but I won't go so far as recommending it to anyone.  We have multiple MX Records for all domains. We discovered that many spammers send to the lowest priority MX Record (highest numerical weight).  We also found that while the highest priority SMTP servers were online there were no legitimate messages sent to the lowest priority MX Record (highest numerical weight) server.
 
For example if you have:
IN MX 10 mainserver1.domain.com
IN MX 20 mainserver2.domain.com
IN MX 30 backupserver.domain.com
You will find that nothing but spam will be sent to backupserver.domain.com and will be sent to your main server for processing.
 
But if you change the above to:
IN MX 10 mainserver1.domain.com
IN MX 20 mainserver2.domain.com
IN MX 30 backupserver.domain.com
IN MX 40 dummyserver.domain.com
If you point dummyserver.domain.com to any server with port 25 closed, it will essentially honeypot or blackhole spam.
 
The only people that I know of that intentionally would send to the lowest priority (highest numerical weight) SMTP server when the higher priority servers are online are spammers. I have also found that spammers won't take the time to retry different servers.
 
Just my experience... your results may vary.
 
-Joe
