[Scspamcop] Re: setting up a spamtrap
Sofa King Tyred of Lar Ting
nobody at devnull.spamcop.net
Thu Jan 3 14:16:14 EST 2008
Chris Wright wrote:
> Sofa King Tyred of Lar Ting wrote:
>
>> Now, if the spammers had ways of getting spamtrap address *subscribed*
>> to mailing lists, I could "buy" the discredit problem. AFAIK, that's not
>> possible with a serious list.
>>
>
> They don't have to subscribe to a mailing list, all they need to do is
> identify that you have a 'honeypot' sat on www.example.com/ with the
> address of honeypot at example.com
>
> They then "attempt" to sign up honeypot at example.com to 'a list'
> Of course, being a good list, it will send out a confirmation email
> requesting that you confirm your membership request.
>
> Except, it's written in Chinese...
> And you are not going to hand verify every email that is sent to your
> 'honeypot' / spamtrap.
>
> And if you did, you'll see some weird Chinese email that you don't have
> a clue what it's about. You'll assume it's spam, and report it.
> But it was a bona fide request from a properly run list server to verify
> that 'someone' at IP a.b.c.d requested to join list at
> www.another-example.com.
>
> So you'll report it as spam, the list owner complains that it was a
> valid list membership request, and your honeypot/spamtrap is discredited
> (when the said spammer signs your spamtrap up to multiple valid and well
> run lists).
Again, this "theoretically" is possible, but I see it as insignificant
and at worst an exaggeration. I think a good list manager will know that
it's not a "valid" request, especially when this is some directed attack to
discredit a spamtrap.

I've personally never heard of this scenario happening, but don't doubt
it's possible or that it has happened. I'd be willing to bet that in
such cases, the IP used to issue the subscription request via SMTP was
miscreant. Everyone knows that spammers make use of these IPs to carry
out their misdeeds. A well run list would not accept requests from IPs
having no business sending SMTP.

The backscatter problems I see make it evident that many lists don't
check the IPs of the subscribe (or unsubscribe!) requests. The lists
bounce them to me all the time since my email is forged as the sender.
The requests all come from zombies, but are not intended to discredit a
spamtrap. They are merely spams that end up going to harvested email
addresses, such as unsubscribe-xyz at example.com.

A spammer that wishes to send list requests by means of some legitimate
system to discredit a spamtrap is spending time/resources doing
something that is not very profitable for her, not to mention possibly
exposing her identity or location. That would be flattering to me, and a
"good" problem to have, to see that a spammer were wasting time instead
of sending spam.