Print Page | Close Window

HoneyPot Implementation

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5749
Printed Date: 16 July 2025 at 10:25am


Topic: HoneyPot Implementation
Posted By: superbug73
Subject: HoneyPot Implementation
Date Posted: 08 August 2006 at 4:55pm

We're currently using SpamFilter with an Authorised To list, that has dramatically cut down on the amount of spam in the quarantine.

I realise that an authorised to list isnt the best solution for everyone and after pouring over the logs for a while I came up with an idea.

(please bare with me if this has been suggested previously)

I noticed that a lot of the fake addresses the spammers try to send to at our domain were the same, and repeated many many times over.

What if there was an option that instead of rejecting emails not on the Authorised To list, that it logged repetitive attempts to the same address. If the number of attempts exceeds a certain number (set by the user) within a certain period, then that address is added to the Honeypot, so if it gets tried again, it will black list the sender.

I know that it already looks out for lots of attempts from a specific address, but im not sure if there is currently a way to block multiple attempts to a specific address.

Let me know what you think. Thanks.


Replies:
Posted By: sgeorge
Date Posted: 09 August 2006 at 2:57pm
Well, SpamFilter does have the ip blacklist limbo & cache system working, which does effectively put a temporary ban the ip that repeatidly tries to send to the same bad address.

With your suggestion, I would consider the conequences of someone mis-typing the valid recipient's email address.  If for any reason their sending email server ignores SpamFilter's response that "you are not allowed to send to that [bogus] email address", it may try to re-send a 2nd, 3rd, & 4th time... eventually they would be added to the honeypot simply for trying to re-send the same message.

I try to save my honeypot usage for i.p.s that I suspect are solely used for sending spam - should a user from that honeypotted i.p. try to send me a message I would never know.

...My 2 c's.

Stephen


Print Page | Close Window