Setting up a fake email address to trap spammers

Has anyone else tried this:

  • Certainly, yes. Almost every anti-spam service out there uses them; the industry term is "spamtraps".

How do you go about doing it?

  • Normally, find an address in one of the domains which receives a lot of spam and confirm with the owner that it is not in use and they have no plans to resurrect it. This process can be (partially) automated.

Does it work?

  • Yes. The most useful thing is that, as you can guarantee that messages sent to traps are spam, you can use it to calibrate the effectiveness of an engine at any given time, to measure how well you're doing at blocking spam (false negatives) - provided you have a sufficiently large sample of spamtraps; most anti-spam companies would have hundreds or thousands.
  • They can also be used by automatic learning systems to "learn" stuff about spam. But that could learn about spam sent to non-spamtrap addresses too (of course, you're never 100% sure it's spam if it's sent to a non-spamtrap address).
  • "Blacklisting" sender addresses is not normally used. This is because apparent spammers usually invent garbage sender addresses anyway, and because apparent spammers occasionally reform their ways and start sending clean mail.
  • IP address blacklisting isn't used (in a simplistic form) either, for the same reason; "bad" IP addresses can start being "good", so if you had a blanket ban, legitimate mail would end up being blocked.

Normally you wouldn't use just a single address; that wouldn't be enough. Try a few hundred spread throughout all your domains (for a start).

You can advertise them if you like, but if your domains are sufficiently well-known to spammers, candidate spamtrap addresses probably already exist within them (they are probably mailboxes which don't exist on your end-user systems).

Whole spamtrap domains can be set up - I'm sure many companies use these - either buy second-hand domains or register realistic-sounding ones with a plausible (albeit fake) web site. Subdomains can work too. Spamtrap domains are handy because you can set them up with keywords or in specific top-level domains that spammers might be targeting.
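
The calibration use described in the answer above, as an added example that is not part of the original post: it counts "clean" verdicts on mail addressed to trap addresses (false negatives) and puts a Wilson score interval around the rate, which shows why a large trap sample is needed. The trap addresses, the log format and the verdict strings are all constructed for illustration.

```python
import math
import re

# Assumption: trap addresses confirmed unused by their owners (constructed values).
TRAP_ADDRESSES = {"old.sales@example.com", "jsmith1999@example.net"}

# Constructed filter log: envelope recipient plus the engine's verdict.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z rcpt=<old.sales@example.com> verdict=spam
2024-05-01T10:00:07Z rcpt=<alice@example.com> verdict=clean
2024-05-01T10:01:12Z rcpt=<JSmith1999@example.net> verdict=clean
2024-05-01T10:02:30Z rcpt=<old.sales@example.com> verdict=spam
2024-05-01T10:03:44Z rcpt=<jsmith1999@example.net> verdict=spam
"""

LINE_RE = re.compile(r"rcpt=<([^>]+)>\s+verdict=(\w+)")


def count_trap_misses(log_text, traps=TRAP_ADDRESSES):
    """Return (misses, total) for mail addressed to trap addresses.

    Everything sent to a trap is spam by construction, so a 'clean'
    verdict on trap mail is a false negative.
    """
    misses = total = 0
    for match in LINE_RE.finditer(log_text):
        rcpt, verdict = match.group(1).lower(), match.group(2)
        if rcpt not in traps:
            continue  # real mailbox: ground truth unknown, so skip it
        total += 1
        misses += verdict == "clean"
    return misses, total


def wilson_interval(misses, total, z=1.96):
    """95% Wilson score interval for the false-negative rate."""
    if total == 0:
        return None  # no trap mail seen: nothing can be said
    p = misses / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total**2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


if __name__ == "__main__":
    m, n = count_trap_misses(SAMPLE_LOG)
    print(f"{m}/{n} missed, 95% CI {wilson_interval(m, n)}")
    print(f"1000/4000 missed, 95% CI {wilson_interval(1000, 4000)}")
```

With four trap messages the interval spans most of the range from 0 to 1; the same 25% miss rate over 4000 trap messages narrows it to under three percentage points.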


I have not tried this method, but I think [unless you handle tens of thousands of mailboxes] you'll be much better off using an anti-spam system that makes decisions based on multiple RBLs and content checks like DCC / Razor / Pyzor.

Many RBLs use spam traps on a much wider scale than I think you could deploy.


Project Honey Pot may give you some ideas as to methods and effectiveness. If you want, you can subscribe to their blacklist and let them handle all this.

I am confused as to what you mean by "legitimate senders using harvested addresses" - I would, in almost all cases, deem such a sender illegitimate by definition.


My concern with blacklisting every sender is that it is fairly easy to spoof who sent an email.