Print Page | Close Window

Honeypot usage findings

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6627
Printed Date: 23 October 2017 at 4:13am


Topic: Honeypot usage findings
Posted By: yapadu
Subject: Honeypot usage findings
Date Posted: 13 March 2009 at 3:50am
I've been looking at the honeypot option today, considering making it available to users.

I have found a few items by trial and error, manual, and these forums, and would like to confirm my findings:

  • Addresses placed in the honeypot blacklist have no effect if the email is not also added to the authorized to whitelist, due to filter order.
  • You can put email addresses on the TO blacklist, with the :honeypot option and it basically has the same effect except it does not need to be on the TO whitelist.  So basically the honeypot tab is not needed at all.
  • You can not use both a :honeypot and :null option on a single email address, only one option per email?
  • When an IP is added to the honeybotblockedIP list, it affects only the domain using the black listed email.  Other domains would not be effected.
  • Once an IP is added to the honeypotblockedips, it never expires (never is a long time!)

I can just see some company adding former employees to the honeypot list, then the former employee get his daily email from CNN and CNN ends up getting blacklisted and blocks CNN for all domains on the server.  That type of thing would be bad.

Does anyone see any errors with my findings?



Print Page | Close Window