Author: J.Simpson (23 Nov 04 3:34am)
one potential issue i can see is if a spammer gets a honeypot address into their list and their spam-sending program chooses random email addresses to forge "From" addresses on their spewage, anybody who tries to send a bounce message back to the forged address will be identifying themselves as a spam harvester.
this is something which the projecthoneypot.org mail servers will need to identify and, for bounces and out-of-office autoreply messages, NOT treat the messages as honeypot hits. having gone through this recently with my own "delete.net" honeypot (handled on my own, not through projecthoneypot.org- the delete.net web site explains it.) i have had to deal with this, and until about a month ago i had to manually inspect the messages before they were reported to spamcop. i will be emailing the developers directly with some information about how to recognize bounces and autoreplies automatically (hint: RFC 1891 and RFC 3834.)
another tool i use in fighting spam is SPF. the idea is that i serve a DNS record which lists all of the IP addresses which are allowed to send email claiming to be "From" a given domain name.
for example, i send all of my outgoing mail through my own server. the SPF record for my email address's domain name contains my server's IP addresses, along with an instruction which says "and no others".
if another server receives a message claiming to be from my domain, it can check the SPF record for my domain and see the full list of IP addresses which are okay... if the message didn't come from my server, the message is forged and may be deleted.
SPF isn't perfect- there are some cases (mailing lists, webmail form submissions, remailers, etc.) where a legitimate message may arrive from a different IP which is not on the list, and be blocked by mistake... but these kinks are being worked out and i'm fairly sure that it won't be an issue for too much longer.
in the meantime, if all you want to do is serve an empty list (i.e. "there are no IP addresses which are allowed to send mail claiming to be from this domain") then these issues are not problems.
if you'd like to serve such a record for the domain whose MX record you are donating to project honeypot, here's what it needs to look like...
(for djbdns)
'domain.name:v=spf1 -all:3600
(for BIND)
domain.name. IN TXT "v=spf1 -all"
|