Honeypot Trapping Google, Microsoft 365 and Others
Question asked by Jay Dubb - 12/9/2021 at 2:02 PM
For a while we celebrated (with great joy) the Honeypot function being added to SmarterMail.  We have many email addresses known to have been scraped from web pages back in the late 90s, and were deleted more than 20 years ago.  These were perfect for seeding the list because we see a lot of "550 no such user" rejections in the SMTP logs for them.  No legitimate sender would use them.

Unfortunately, the permissiveness of Gmail and Microsoft 365 has led to them becoming major sources of spam (even as they significantly tighten their own inbound filters-- hypocrites) resulting in many of their IPs landing in the Honeypot blacklist.

Running a commercial mail server with paying customers, this has become not viable.  Shortly after implementing the Honeypot, we began receiving complaints from users not receiving mail from legitimate senders at Gmail and Microsoft 365.  A quick check showed the messages were being blocked by IPs listed by the honeypot.  That was a quick lesson not to use for blocking, only spam scoring.

We still think honeypots have value for certain use cases, but I wanted to caution those running commercial systems that "too big to block" service providers can (and will) end up in your blacklists.  Use with caution, don't use it for outright blocking-- and if you do choose to use for blocking, review your blacklists frequently.

Reply to Thread