spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hardin <>
Subject Re: Interesting Spam Trap Idea - Fake Authentication
Date Mon, 10 Jun 2013 15:40:12 GMT
On Mon, 10 Jun 2013, Marc Perkel wrote:

> I'm experimenting with an interesting spam trap idea. Normally I run many 
> inbound servers as spam filters (Using Exim) with no SMTP authentication. But 
> then I got this idea ....
> I decided to implement and advertise that the server had SMTP athentication 
> even though there was nothing to authenticate. I created an authenticator 
> that would accept any username and password. But it's obviously spam. Then I 
> harvest the spam.
> One of the things I like about it is that if hackers are sending spam into my 
> fake server then it takes away from their efforts on real accounts that they 
> could hack. I'm wondering if enough of us put up fake authentication not only 
> can we detect spam that way but we could waste a lot of spammer's resources.
> Thoughts?

Please don't feed messages caught by that into masscheck corpora without 
stripping the authentication information. Feeding such messages in 
unaltered will skew the results for legitimately authenticated mail.

  John Hardin KA7OHZ              FALaholic #11174     pgpk -a
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
   Homeland Security: Specializing in Tactical Band-aids for Strategic
   Problems.                       -- Eric K. in Bruce Schneier's blog
  375 days since the first successful private support mission to ISS (SpaceX)

View raw message