Message Board

Bugs & Development

Catch-all redirection

Author: D.Nagle (15 Jan 05 4:07am)

My hosting account allows me to specify a catch-all address for a domain, and allows me to specify an external address as the destination for the catch-all if I wish. So, I could have all email received at my.example.com forwarded to my.example.com@spam.projecthoneybox.org. I suspect that a lot of web hosts offer similar functionality.

While I don't personally need this functionality (I can set MX records directly for my domains), I still think it may be a valuable thing to add. It would allow additional users to donate domains. Plus, the domain wouldn't be pointing to the same set of MX records that every other project honeypot address points to.

Re: Catch-all redirection

Author: M.Prince (15 Jan 05 4:59am)

Let me think whether there's a way we could use a feature like that. We actually want to be careful to NOT receive just anything that's sent, but instead to receive those messages that are a direct result of a harvester having stolen one of our addresses off a honey pot. For example, before we allow an MX donation to go active we wait a period of time to ensure the domain being donated is not already receiving spam. It's important we keep our data as clean as possible so it can be useful for any legal proceedings.

Still, I'll think about whether there's some way in which a catch-all could be setup in order to help the Project.

Thanks for the suggestion.

Re: Catch-all redirection

Author: S.Goodman (20 Feb 05 4:27pm)

This would work the great majority of the time, but would have an occassional false positive that would make it harder to use for automated data collection. For instance, any of your correspondents that mistyped a single letter of the local-part of your email address would wind up in the catch-all inbox. My address is sethg@GoodmanAssociates.com, so if someone made the typo sethh@GoodmanAssociates.com, it would go to the catchall account and be considered spam. I suppose that the Project Honeypot tools _could_ notice that the misspelled address was not one that was given out by the honeypot script, but that is extra work.

I assume that the existing scripts do have to look up the local-part for the mail received for each donated sub-domain to figure out what the harvester IP was, so perhaps if the lookup fails, that could be used as an indication of a false positive for this case. Such a script addition would also discard dictionary attack spam against the harvested sub-domain, which would be a pity.

I don't know if Project Honeypot considers addresses with local-part variations as sufficient proof of harvesting or if they require it to be an address that they specifically handed out. IANAL, but it would seem that if the sub-domain is _never_ used except by the honeypot script, that would be sufficient proof of harvesting. Maybe someone with legal knowledge could address this.

Re: Catch-all redirection

Author: M.McGinnis (28 Aug 06 8:04am)

I'm sure that catch-all redirection would be VERY useful in a different phase of the project: creating a blacklist.

I have several email addresses that receive only spam, and I'd be delighted to forward them to someone who could automatically report, blacklist or block the senders. It's getting too cumbersome to re-re-verify every report to Spamcop, when I already know it's all spam.

There should be a service that solicits redirects from old, worn-out email addresses and reports spam sent to them. It could even filter the submissions to verify that the address is "good" (that is, completely bad).

This could catch the majority of spammers who buy old lists but don't harvest themselves.

UPDATE: It turns out you CAN redirect spam to SPAM@UCE.GOV (at the US Federal Trade Commission). But I don't know what they do with it.

Post Edited (26 Oct 06 5:41pm)