[Scspamcop] Re: setting up a spamtrap

Andrzej Filip anfi at onet.eu
Wed Jan 2 05:40:19 EST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Wright wrote:
> Sofa King Tyred of Lar Ting wrote:
> 
>> Now, if the spammers had ways of getting spamtrap address *subscribed*
>> to mailing lists, I could "buy" the discredit problem. AFAIK, that's not
>> possible with a serious list.
>>
> 
> They don't have to subscribe to a mailing list, all they need to do is
> identify that you have a 'honeypot' sat on www.example.com/ with the
> address of honeypot at example.com
> 
> They then "attempt" to sign up honeypot at example.com to 'a list'
> Of course, being a good list, it will send out a confirmation email
> requesting that you confirm your membership request.
> 
> Except, it's written in Chinese...
> And you are not going to hand verify every email that is sent to your
> 'honeypot' / spamtrap.
> 
> And if you did, you'll see some weird Chinese email that you don't have
> a clue what it's about. You'll assume it's spam, and report it.
> But it was a bonafide request from a properly run list server to verify
> that 'someone' at IP a.b.c.d requested to join list at
> www.another-example.com.
> 
> So you'll report it as spam, the list owner complains that it was a
> valid list membership request, and your honeypot/spamtrap is discredited
> (when the said spammer signs your spamtrap up to multiple valid and well
> run lists).

I do believe that properly run mailing list in any language should
append ~20 words of "English explanation" (*current* universal language)
to confirmation requests.

I run public spam-trap (spams are reported to NANAS newsgroup). I do
remember for sure one attempt to subscribe the spam-trap to mailing list
that sent "confirmation request" in polish *only*. I makes me think I
might report some "confirmation requests" in non-English languages I do
not know :-)

P.S. "Public" spam-traps are needed *too*. *Public* evidence easies a
few things and makes "if we only knew" line of defense much harder.

- --
[pl>en: Andrew] Andrzej Adam Filip : anfi at priv.onet.pl : anfi at xl.wp.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHe2oRqmxEvGofXN0RAsXnAJwNCtDBuDz0BQ15tBM+i2ML1jsb4ACfZAn3
2HEHjTjL2hYx8SN7ARZNXZE=
=L8HG
-----END PGP SIGNATURE-----

More information about the SCspamcop mailing list