Posted to users@spamassassin.apache.org by Ned Slider <ne...@unixmail.co.uk> on 2008/12/12 13:00:32 UTC

Re: Spamtraps

Marcin Krol wrote:
> Henrik K wrote:
>> sure there's other useful stuff you can do with spamtrap mails too.
>>
>> Unfortunately it takes a lot of effort to create *good* spamtraps. 
> 
> Yep.
> 
>> It's just
>> too much trouble for a normal admin, I leave it to those who have time on
>> their hands. You can do the simple grep for "mistyped" non-existent
>> addresses from logs etc, but it's just silly botnet crud that doesn't
>> represent the "real" spam coming to real users (that leak their
>> addresses in all sorts of ways).
> 
> This is exactly what I have a problem with: while lots of spam is 
> directed at my regular users, I get very little spam caught in my 
> spamtraps.
> 
> I have published spamtrap addresses (in "hidden" HTML of course, like 
> "mailto:address" in the same color as background of the page) on many 
> company webpages, posted spamtraps to Usenet some 6 months ago and I 
> still get very little spam caught in spamtraps.
> 

IMHO total volume isn't necessarily a good indicator. A few copies of 
each spam are all that's required to feed Bayes - you don't need 
thousands of copies of the *same* spam. The objective is that you get a 
copy of new spam and feed it to Bayes or a blocklist/custom 
rules/whatever *before* your users start seeing it.

Try responding to spam or clicking unsubscribe links from your spamtrap 
addresses. Exactly the type of thing you'd tell your users *never* to 
do. Spammers love confirmed live email addresses, especially those who 
read the spam and follow the instructions (like click here to 
unsubscribe). It makes those addresses perfect candidates for more spam.

Try signing up for some newsletters from dubious sites and then 
unsubscribing - if you can't opt out after opting in then it's spam and 
they'll likely sell your address on.

Using common easy to guess addresses (bob@example.com) rather than 
difficult to guess addresses (b.smith4244532@example.com) will generate 
more spam but also has the potential for more FPs - same with using an 
old address that's no longer used - you need to make sure it's no longer 
receiving any legitimate mail.
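
The selection step discussed in this thread, as an added example that is not part of the original post: it keeps only a few copies of each distinct spam for Bayes training and holds back mail from a known-legitimate sender, which is the FP risk with reused addresses. The copy limit, the sender list and the sample messages are constructed assumptions.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

MAX_COPIES = 2  # assumption: "a few copies" of each distinct spam is enough
# Assumption: senders that still legitimately write to a reused old address.
KNOWN_LEGIT_SENDERS = {"billing@supplier.example"}

def fingerprint(msg):
    """Hash the body with digit runs and whitespace collapsed, so copies that
    differ only in an order number or line wrapping share one fingerprint."""
    body = "".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    body = re.sub(r"\d+", "0", body.lower())
    body = re.sub(r"\s+", " ", body).strip()
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def select_for_training(raw_messages):
    """Return (train, held). train has at most MAX_COPIES per distinct spam;
    held has mail from known-legitimate senders, kept for manual review."""
    seen = {}
    train, held = [], []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender in KNOWN_LEGIT_SENDERS:
            held.append(raw)  # never auto-train on possible legitimate mail
            continue
        fp = fingerprint(msg)
        seen[fp] = seen.get(fp, 0) + 1
        if seen[fp] <= MAX_COPIES:
            train.append(raw)
    return train, held

# Constructed sample mail delivered to a trap address (not real traffic).
SAMPLE = [
    "From: a@bulk.example\nSubject: x\n\nCheap pills, order 1234 now\n",
    "From: b@bulk.example\nSubject: y\n\nCheap pills,  order 9876 now\n",
    "From: c@bulk.example\nSubject: z\n\nCheap pills, order 5555 NOW\n",
    "From: Billing <billing@supplier.example>\nSubject: inv\n\nInvoice 42 attached\n",
    "From: d@other.example\nSubject: w\n\nYou won a prize\n",
]

if __name__ == "__main__":
    train, held = select_for_training(SAMPLE)
    print(len(train), "to train,", len(held), "held for review")
```

The messages in `train` are the ones to hand to `sa-learn --spam`; anything in `held` needs a human look before the address is trusted as a trap.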