Marcin Krol wrote:
Henrik K wrote:
sure there's other useful stuff you can do with spamtrap mails too.
Unfortunately it takes a lot of effort to create *good* spamtraps.
Yep.
It's just
too much trouble for a normal admin, I leave it to those who have time on
their hands. You can do the simple grep for "mistyped" non-existant
addresses from logs etc, but it's just silly botnet crud that doesn't
represent the "real" spam coming to real users (that leak their
addresses in
all sort of ways).
This is exactly what I have a problem with: while lots of spam is
directed at my regular users, I get very little spam caught in my
spamtraps.
I have published spamtrap addresses (in "hidden" HTML of course, like
"mailto:address" in the same color as background of the page) on many
company webpages, posted spamtraps to Usenet some 6 months ago and I
still get very little spam caught in spamtraps.
IMHO total volume isn't necessarily a good indicator. A few copies of
each spam are all that's required to feed Bayes - you don't need
thousands of copies of the *same* spam. The objective is that you get a
copy of new spam and feed it to Bayes or a blocklist/custom
rules/whatever *before* your users start seeing it.
Try responding to spam or clicking unsubscribe links from your spamtrap
addresses. Exactly the type of thing you'd tell your users *never* to
do. Spammers love confirmed live email addresses, especially those who
read the spam and follow the instructions (like click here to
unsubscribe). It makes those addresses perfect candidates for more spam.
Try signing up for some newsletters from dubious sites and then
unsubscribing - if you can't opt out after opting in then it's spam and
they'll likely sell your address on.
Using common easy to guess addresses (b...@example.com) rather than
difficult to guess addresses (b.smith4244...@example.com) will generate
more spam but also has the potential for more FPs - same with using an
old address that's no longer used - you need to make sure it's no longer
receiving any legitimate mail.