How can I attract more Spammers hitting my Spam traps?

Currently I have a number of domains that are set up as Email Spam traps. So if I get mails on those domains I can be certain that it is ~100% Spam. I'm using this information to temporarily defer message delivery from spamming IPs on my real Email domains. I can also use the Spam mails to improve Bayesian filtering and identifying brand new viruses before they hit my real inboxes.

This procedure is only effective when I get many Spams on the Spam traps. So the question is how can I generate more Email traffic on the Spam trap domains?

I'm not going to register Spam traps at dubious newsletter senders as this would increase the false negative rate. And it would also need too much manual work to register hundreds of addresses.

Trying to publish the Spam trap addresses on Websites also failed. I have millions of addresses published and they got harvested but not used for spamming. It takes weeks and months until you get a noticeable amount of Spam on these addresses.

I'm not going to publish these Spam traps on forums and guestbooks as this would mean fighting Spam by spamming the web.

What I'm now looking for are ways how I can "accidentally" reveal hundreds and thousands of Email addresses so that Spammers pick them up and use them in their campaigns. But if someone can give me advice which other methods are good to attract Spammers I will appreciate this.


Answering Miles' suggestions:

  • Mark only points out how to set up good sites for harvesting and what to do with the fetched Spam. But as I said I already have these pages which are not harvested enough.
  • Phil's experiment is too old. His approach was appropriate until 2004 and in a way until 2006. But then Spammers changed their methods drastically.

    1. Using external services as Craigslist or guestbooks counts as spamming in my opinion and so is not a valid option.
    2. This is poisoning of half-legitimate newsletters and increases the false negative rate.
    3. I already have two servers that are pretending to be open proxies. But as they are not a real open proxy I can see that spammers do testing attempts. These test mails are not returned to them and so they see that it is only a fake open relay. So they avoid these servers for their tasks.
    4. Twitter only gets crawled for tweets with special keywords. These accounts are then followed and used for Twitter spamming. But not for email spamming.
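
The deferral step described in the question (trap hits used to temporarily defer mail from the sending IPs), as an added example that is not part of the original post. The trap domains, the log line format, the hit threshold and the deferral window are all assumptions.

```python
"""Build a temporary deferral list from spam-trap hits (added example)."""
import ipaddress
from datetime import datetime, timedelta

# Assumptions, not from the original post: domains, thresholds, log format.
TRAP_DOMAINS = {"trap-one.example", "trap-two.example"}
DEFER_FOR = timedelta(hours=6)   # an IP stays deferred this long after its last hit
MIN_HITS = 2                     # trap hits required before an IP is deferred

# Constructed sample: "<ISO timestamp> <client IP> <envelope recipient>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 alice@trap-one.example
2024-05-01T10:05:00 192.0.2.10 bob@trap-two.example
2024-05-01T10:06:00 198.51.100.7 carol@trap-one.example
2024-05-01T10:07:00 203.0.113.5 user@real-domain.example
2024-05-01T02:00:00 2001:db8::1 x@trap-one.example
2024-05-01T02:01:00 2001:db8::1 y@TRAP-ONE.example
not a log line
"""

def parse_hits(log_text):
    """Yield (timestamp, ip) for each well-formed line sent to a trap domain."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue                      # bad timestamp or bad IP
        domain = parts[2].rpartition("@")[2].lower()
        if domain in TRAP_DOMAINS:
            yield when, ip

def deferral_list(log_text, now):
    """Return {ip: expiry} for IPs with >= MIN_HITS trap hits inside the window."""
    recent = {}
    for when, ip in parse_hits(log_text):
        if now - DEFER_FOR <= when <= now:   # old hits age out on their own
            recent.setdefault(ip, []).append(when)
    return {str(ip): max(hits) + DEFER_FOR
            for ip, hits in recent.items() if len(hits) >= MIN_HITS}

if __name__ == "__main__":
    listing = deferral_list(SAMPLE_LOG, datetime(2024, 5, 1, 11, 0))
    for ip, expiry in listing.items():
        print(f"defer {ip} until {expiry.isoformat()}")  # MTA answers 4xx until then
```

Because every entry carries an expiry derived from its last trap hit, an address that stops hitting the traps drops off the list without manual cleanup.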

Solution 1:

You could set up a fake company web site and "accidentally" publish a dump file called "users.sql" with names and email addresses (something like "staff.csv" might actually be more effective). Once it gets indexed by Google you'd expect some spammer to pick it up.

If you're feeling a bit bolder you could dig into the underbelly of the email marketing underground yourself and offer to sell a database dump you stole from a server you compromised.... (since patched of course). Just make sure you route through tor or a public vpn provider when doing this!

Or do a Lulzsec-style release on pastebin, not sure how you'd "promote" it so it got picked up by scripts though, probably using keywords like hacked database, email address etc would help.

Solution 2:

Interesting resources:

  1. Mark Adams (2011) has an interesting article on how to start a spam trap which includes some interesting pointers. He points out that contact addresses in the whois records of new domains are a prime target of spammers.

  2. Phil Bradley's Great SPAM Experiment (2002), although dated, documents a methodical approach to attracting spam in a variety of ways. Of all the approaches that he tried, sending unsubscribe requests to spammers was his winning method.

Additional thoughts:

  1. New Craigslist postings are routinely crawled for both e-mail addresses and phone numbers (for SMS spam). You might consider posting something on Craigslist (maybe you're selling your 1998 Honda Civic?) and decline to use the anonymizer.

  2. If I wanted to attract spam to an e-mail address, the first thing I'd think of is to send a message to [email protected] ("Easy, lasting Bulk Email service") with "unsubscribe" in the subject line and the first line of the body.

  3. Per @LucasKauffman's suggestion, you could try setting up an apparently open relay on port 25 of the host specified in a newly registered domain's MX record, then analyze what comes in. Your SMTP service would need to accept messages addressed to foreign domains but not actually relay them.

  4. Twitter gets crawled by spambots. I wonder what happens if you tweet something like "I'll be camping next week, so e-mail [email protected] if you need anything!"