Share Button

In the current information technology era, honeypots have various definitions depending on its use, but in email terms, a honeypot depicts only one thing – a trap. Actually, honeypot is dormant email address set up purposely as a tool to grab spammers as these email addresses are not used by actual people and thus never opted-in to any email marketing campaigns. Consequently, any mailer that sends messages to these addresses can be called as a spammer.


honeypot email trap


One of the most general methods that spammers use to get honeypot email addresses is by collecting email. They perform this task through buying or trading email lists from fellow spammers, using unique software such as spam bots to go through websites to gather email addresses, speculating email addresses using common user names for all targeted domains, giving a product or service for free in return for an email address and sending out mischievous email that searches your hard drive or network for gathering email addresses.

Here are two techniques used by Email Honeypots to attract and identify spammers:

1. Attracting spammers through open relays
Open relays have been oppressed by spammers ever since the early days of e-mail. Normally, a correctly configured recent SMTP server will only allow email intended to or coming from users within the domain it serves. Conversely, an open relay is an email server which allows electronic messages from and to anyone on the World Wide Web. Though this was usual behavior during early Internet usage, but due to increase in email traffic and excessive use by spammers and worms in the mid-1990s forced ISPs to block transmissions on port 25 and to later start using DNSBLs or DNS-based Block Lists to prohibit email from open relay email servers.

Nowadays, open relays are unusual. Or, let's say, exceptional. In fact, they are an invaluable tool for spammers and worms that can spread their spam campaigns without exposing their own IP address to the destination mailing transfer agent and refrain having that IP blacklisted. Thus, an open relay is a profitable idea for spammers.

So, if these open relays allure spammers like bees to a honey pot, this is a perfect trap. These false open relay servers are visible overtly, do not serve a real domain and doesn't worry about being blacklisted by RBLs (real time black lists). Spammers link to it massively, in turn exposing the URLs and intended email ids they use to confirm open relays together with their source IP address. This data is then used by Anti-Spam engines and real time blacklists to let legitimate SMTP servers filter these felonious originators and thus, the spam they generate.

2. Using spam traps to detect spammers
Harvesting email is one more technique that spammers have used from the beginning. Making use of crawler engines that act like search engines; they look through and check web pages all through the internet in search of email ids. Various web sites involving commercial sites, blogs, conversation forums and individual ads will list one or a number of email addresses to contact.

All these addresses are imitated into databases and will either be sold out to spammers or be used intentionally in spam campaigns. As various techniques have been created to stop email harvesting, such as list poisoning, but e-mail reapers enhanced their engines and are still getting success.

Email security honeypots make the most of this too. For instance, if we buy a new dummy domain only for this purpose and set up an open SMTP server for this domain. We then build up a few email addresses and a track-all address. We then make public these addresses on as many web sites as possible and start paying attention. Spammers will gather these addresses and send spam intended for these contacts. As there is no actual email address on this domain and SMTP server, there can be no legitimate messages and thus each single email it obtains is pure spam. Anti-spam and email security organizations can then inspect this flood of spam emails and list aberrant originators, URLs, prototypes, graphic spam, malware, phishing efforts and other fake activities in real-time, and send automatic updates to anti-spam engines in less time than it takes to write down this sentence.

Therefore, it is essential to note that even valid mailers can wind up with honeypots on their email file. Apart from your intentions, sending out unsolicited email is an infringement of the CAN-SPAM Act. Thus, it's imperative for you to directly monitor your email deliverability and perform usual email list hygiene activities, verify your response metrics and eliminate non-responders from your file in a well-timed fashion, authenticate email ids and make sure to ask for permission before sending any email campaign.

Share Button

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

WP Socializer Aakash Web