On Monday, December 5, 2005, 6:02:02 PM, John wrote:
|
> |
What is the best way to get a spam trap going. I have an old "abandoned" email account that I just use for testing. It gets some spam now, but a low volume. However, 100% of the mail is spam. It would be very easy to filter and keep the non-Sniff'd mail and delete the remainder.
Should I use it to sign up at some junkmail sites, kind of "seeding" the account to encourage spam to it? |
When setting up a spamtrap, it's a bad idea to sign up for - or use the email account for anything. Technically, once you've done that the folks you signed up with have a reason to have you on their list. So, a pure spam trap is one that preferably has never been used, or, in some cases, hasn't been used for so long that you are absolutely sure not to get any legitimate messages.
The easiest way to get a spam trap going is just to have the email address out in the open somewhere on a web page --- some spammer will eventually collect the address. Another way - if you have the capacity to deal with it - is to set up a catch-all (nobody) account on a dead, or new and unused domain. This will capture all dictionary attacks that come by - but watch out -- it can be a LOT of volume.
There are other methods of "seeding" spamtraps, but they are all controversial or well kept secrets. I don't advise any of these practices, but I've seen them work:
* Some folks do, on occasion, have success seeding spamtraps by visiting spamvertized sites using throw-away email accounts and explicitly unsubscribing... generally, the less reputable sites will sell the email quickly to others.
* Some folks hide throw-away addresses in tag lines and post to usenet groups or blogs... for example, saying: Don't send mail to this address: ([EMAIL PROTECTED]) because it's not valid! Use this other address instead: ... Trolling spammers will generally pick up the bad addresses as well as the good ones - depending on how well you obfuscate them.
* Some folks will set up throw-away accounts on their web site's contacts pages - usually hidden to avoid confusion... When these addresses are harvested, they will make a point to visit the links in the messages (carefully on a well protected machine to avoid getting/spreading viruses). The links and images are generally bugs that will push the harvested addresses into the "known good targets" lists. Spammers are constantly trading lists -- so once you prove you exist you get pretty widely published. Note I said - they follow the links.. they do not sign up for anything... just looking.
All of these methods and others you may hear about are generally bad ideas - but they do tend to work none the less.
Hope this helps,
_M
|
> |
