Hugo Monteiro wrote:
> mouss wrote:
>> [EMAIL PROTECTED] wrote:
>>> Hi! Who's using spam traps in DSPAM?
>>> And how are you doing it with the SMTP?!! I want to do it but I
>>> don't know how :(
>>
>> spam traps are not a simple thing. if spammers can guess your spam
>> traps, they can poison them directly, or they can use them as a
>> forged sender address to other people (think of subscribing them to
>> lists/groups/...). if they are not protected, honest users may send
>> mail to. ... etc.
>
> That will depend on your action after mail is sent to the spamtrap
> addresses...
> If you choose to perform sender blacklisting, then I'm positive you'll
> have trouble, since sender forgery is a) easy to do and b) one of
> spammers' approaches to get spam to the recipients.
> On the other hand, if you choose to blacklist the IP address of the
> sending party, you won't have to worry about a) or b). Still
> there's a chance that a spammer uses the same SMTP server to send
> messages as a legitimate correspondent of some of your users. But even
> if that's the case, I'd be willing to take the chance, and put that
> responsibility on the system administrator of that same server. For
> those cases that you're sure that you will just have to accept mail
> from, like gmail, yahoo and the like, you will always have
> whitelisting possibilities.

the problem is if someone subscribes one of your traps to a mailing list
and the list sends you a confirmation request. you don't want to
blacklist the list nor use the confirmation message to train your Bayes.

yes, whitelisting is a good thing (dnswl.org is a nice start), but as we
can't whitelist all "honest" organizations, the game is still risky. if
it's a completely secret and unguessable trap address, it's ok (because
before hitting it, dictionary attackers will hit other addresses, so you
get a warning...). but if it's an address that you put on a web site
(wpoison, ....) or that you subscribe to some site (to "test" them),
then there is some risk.

one possible thing is to pass it to the filter and if the message "may
be" spam (unlike general filtering, the threshold here may be low), then
assume it is. alternatively, train one mailbox with mailing lists mail
and pass the trap mail to, so as to detect "false positives"... I guess
a lot can be done here to detect "trap poisoning"...
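
The trap handling discussed in this thread (blacklist the sending IP rather than the sender, keep a whitelist, hold back mailing-list confirmations, and use a low threshold for everything else), as an added example that is not part of the original messages and is not DSPAM code. The header heuristics, the whitelist network, the threshold value and the spam probability passed in from a filter are all assumptions.

```python
import ipaddress
from email import message_from_string

# Assumed values, not from the thread.
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # constructed; stands in for a dnswl-style list
TRAP_THRESHOLD = 0.3   # deliberately lower than a normal mailbox threshold
LIST_HEADERS = ("List-Id", "List-Unsubscribe", "List-Post")

def looks_like_list_mail(msg):
    """Heuristic: list software usually adds List-* headers or Precedence: list."""
    if any(h in msg for h in LIST_HEADERS):
        return True
    return msg.get("Precedence", "").strip().lower() == "list"

def triage_trap_mail(raw, client_ip, spam_probability):
    """Return (action, train_as_spam) for one message delivered to a trap address.

    client_ip is the connecting SMTP peer; the From: header is never used
    for blacklisting because it is trivially forged.
    """
    msg = message_from_string(raw)
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in WHITELIST):
        return ("ignore", False)        # known shared relay: no listing, no training
    if looks_like_list_mail(msg):
        return ("review", False)        # possible trap poisoning via a list subscription
    if spam_probability >= TRAP_THRESHOLD:
        return ("blacklist_ip", True)   # "may be" spam is treated as spam on a trap
    return ("review", False)            # unusually clean mail to a trap: look at it by hand

# Constructed sample messages.
LIST_CONFIRM = (
    "From: announce-request@lists.example.org\n"
    "To: trap@example.com\n"
    "Subject: confirm subscription\n"
    "List-Id: <announce.lists.example.org>\n\n"
    "Reply to this message to confirm.\n"
)
PLAIN_SPAM = (
    "From: forged.sender@example.net\n"
    "To: trap@example.com\n"
    "Subject: special offer\n\n"
    "Buy now.\n"
)

if __name__ == "__main__":
    print(triage_trap_mail(LIST_CONFIRM, "198.51.100.7", 0.9))
    print(triage_trap_mail(PLAIN_SPAM, "198.51.100.7", 0.35))
```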