Message Board

Newbie/Basic Questions

Got a natural honeypot

Author: W.Sky (28 Feb 08 9:30pm)

Hello there,

I own a .de domain with just one "catch all" mailbox, which is spam-free. But suddenly I regulary got spam mails to the specific address "sales"@my domain, an adress that I never did use or publish.
So I created a mailbox with that address and forgot about it for some months. Now I was looking into this mailbox and found over 10,000 spam mails, mostly in English and German, addressed to this specific address. Approx. 40 mails per day.

Now I wonder. Can I help fight spam by redirecting all future mails to another place for evaluation? Maybe even giving access to the 10,000 saved ones (POP3 or IMAP). It just would be very important for me that my domain will be confidential and does not become the target of spam fighters then, by accident maybe.

Yours, W.Sky

Re: Got a natural honeypot

Author: P.Hauser (29 Feb 08 10:36am)

W. Sky wrote:

> [...] just one "catch all" mailbox, which is spam-free.
> [...] It just would be very important for me that my domain will be confidential and does not become the target of spam fighters then, by accident maybe.

Well, if so, here's a hint for you and for the benefit of all:

1) Drag all your spams towards your trash
2) Turn off 'catch all' in your mailbox

You can read here a lot of helpful information at

http://www.projecthoneypot.org/how_to_avoid_spambots.php

about "How to avoid Spam" and not just by accident!
Besides that Honeypots ain't natural. Are you serious or a newbie?

Post Edited (1 Mar 08 12:18am)

Re: Got a natural honeypot

Author: W.Sky (1 Mar 08 9:14pm)

Well, can newbies not be serious? ;-)
I don't know much about spam, I'm just getting spam, but I know my way around with e-mail, how it works und what's in the header.

I didn't know that natural honeypots didn't exist, but how'd you call it? As I mentioned, I never used or published the "sales@mydomain" address, so I find it rather strange that I am getting so much spam to this specific address. I have another e-mail address that is public on websites and usenet groups, but I do not receive that much spam mails there. I don't know: Isn't 40 mails per day quite much?

What's more, I never published my domain name either. It's solely for private use with friends, so it can be possible to have a "catch all" mailbox and do not get spam.

Re: Got a natural honeypot

Author: P.Hauser (3 Mar 08 7:01am)

W. Sky wrote:

> [...] so it can be possible to have a "catch all" mailbox and do not get spam.

The simple answer is: NO! Why is that? Why ...

DO NOT USE A CATCH-ALL EMAIL ADDRESS

A catch-all email address is set up if you have your own website, and it is intended to catch all of the incoming emails sent to your DOMAIN even if there is no legitimate mailbox by that name.

For example, your email address might be mary@mydomain.com. If that mailbox is set up as a catch all, and someone sends an email to marie@mydomain.com (with a spelling mistake in the email name), it will be forwarded to mary@mydomain.com.

However, spammers know about catch-all email addresses, and will take your domain name (mydomain.com) and add common prefixes to it, like sales@, info@ or admin@, etc.. If you have a catch-all, then those spamming emails will come to you, even if you don't have a LEGITIMATE mailbox of sales@mydomain.com, info@mydomain.com or admin@mydomain.com set up with your hosting company.

-So the lesson is to just ask your provider to turn off "catch all" for your domain. Afterwards define yourself some sophisticated email accounts that cannot be guessed and don't just publish them to everyone. You might also create some temporary accounts like sky0508@mydomain.com, sky0608@mydomain.com, sky0708@mydomain.com and simply throw them away after a turn over period.

Stick to http://www.projecthoneypot.org/how_to_avoid_spambots.php

and you're done.