Spam Filter ISP Support - Honeypot don�t work if AuthorizedToEmail

Print Page | Close Window

Honeypot don�t work if AuthorizedToEmail

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5509
Printed Date: 10 May 2025 at 1:05am

Topic: Honeypot don�t work if AuthorizedToEmail

Posted By: Simone
Subject: Honeypot don�t work if AuthorizedToEmail
Date Posted: 17 February 2006 at 9:26am

I noticed that if i put an email in the honeypot email list, but this email is not in the authorized to email, the ip of the sender wont be considered as honeypot ip.

Is this correct for you?

I think that it should be considered as spammer ip as the others.

Don't you think so?

Thank you,
Simone

Replies:

Posted By: Lee
Date Posted: 19 February 2006 at 11:04am

Simone I agree that is the way it should work but others have made the argument against this.

Regardless yes you do have to put the illegal email address in the Authorized To before it will make it to the honeypot. The authorized to filter is checked before many of the other filters.

The process I have used is to review my quarantine and look for the most common bogus email names used. I then enter those into the Authorized To: and into the honeypot. This seems to catch most of spammers.

Lee

Posted By: LogSat
Date Posted: 19 February 2006 at 4:39pm

Sorry for the delay in responding. Lee is absolutely correct. Originally we had the honeypot exactly as Simone was expecting, but shortly after we were asked by a "crowd" of users to change it as it's working now. We are in a democracy... thus SpamFilter is now behaving as Lee described!

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: Roman
Date Posted: 04 April 2007 at 4:52pm

oops, found this topic and moved my question here:

So, if i don't want to poison my "Authorized TO EMails" list with bogus addresses, I should use :honeypot suffix in BlackTo list?

The other question is how long the honeypot-blacklisted-ip will stay black listed? Forever or just like IPs in temporary cache (I personnaly would prefer the second - there is a chance that IP owner will fix his problems sooner or later)?

Posted By: LogSat
Date Posted: 05 April 2007 at 7:13am

Roman,

The filtering order (http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID =5171#7776) shows that the "Local Emails TO Blacklist" filter is checked before the "Not in Authorized TO Emails" filter. So you have a valid point, and you could indeed use the :honeypot option to do that.
In regards to how long the IPs remain in that list, currently they stay there permanently.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: Roman
Date Posted: 05 April 2007 at 9:05am

Thank you, Roberto.

I think, I'll just write a script to rotate these IPs and expire them in several days.

Print Page | Close Window