Re: Honeypot email addresses

Tue, 02 Dec 2014 09:50:33 -0800 


On 12/2/2014 9:31 AM, Kevin A. McGrail wrote:

On 12/2/2014 12:24 PM, Ted Mittelstaedt wrote:



On 12/2/2014 6:19 AM, LuKreme wrote:

On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt<t...@ipinc.net> wrote:

This is assuming of course that your instantly blocking everything
from a sender that happens to email a honeypot.


Right. That i the *point* of a honeypot. The only thing going to a
honeypot is going to be a spammer.


Most honeypots are not used in such a draconian fashion.


Every single one I’ve ever seen has.



i see tons of spam relayed through throwaway accounts on Yahoo, and
even some from Gmail and Microsoft's various domains. This is to all
manner of accounts, both valid and invalid, former accounts and
accounts that never existed. So your saying it's OK to block those
because you get a piece of spam from them to a honeypot?

Or are you saying that the spammers NEVER use throwaway accounts on
those large providers?

Or are you saying that with your honeypots that the large providers
get a free pass to spam you when they email your honeypots?

For me, spam is always about minimizing collateral damage but it is far
from an exact science and subject to friendly debate to improve things
for everyone.

Let's remember who the bastards are (the spammers) and not attack
people's honeypots/DNSWLs, etc. because if you don't like their
policies, you don't have to use them.



Agreed, I will also point out I didn't start the attacks.


I do not agree with the logic that using email addresses on a domain 
that have been deactivated for a long period of time - years that is - 
as honeypots is going to result in blocking a valid sender.  My 
assertion got attacked - I refuted those attacks with logic - my 
assertion got attacked more with illogical statements like the one I 
just refuted a few minutes ago.



Data from a single honeypot has some value.  Data from hundreds of them 
has far, far more value.  If some of those hundreds of honeypots are old 
email addresses that were bouncing mail for the last 5 years with 
"unknown user" then it isn't logical to assert that those will result in 
blocking a legitimate sender.  At least, not in what I consider a 
reasonable filter.


Ted


Regards,
KAM





























					Reply via email to