Spamtrap
Encyclopedia
A spamtrap is a honeypot
used to collect spam
.
Spamtraps are usually e-mail
addresses that are created not for communication, but rather to lure spam. In order to prevent legitimate email from being invited, the e-mail address will typically only be published in a location hidden from view such that an automated e-mail address harvester (used by spammers) can find the email address, but no sender would be encouraged to send messages to the email address for any legitimate purpose. Since no e-mail is solicited by the owner of this spamtrap e-mail address, any e-mail messages sent to this address are immediately considered unsolicited.
The term is a compound of the words "spam" and "trap", because a spam analyst will lay out spamtraps to catch spam in the same way that a fur trapper lays out traps to catch wild animals. The provenance of this term is unknown, but several competing anti-spam organizations claim trademark over it.
The source IP address of a sender delivering e-mail to the spamtrap could also be added to a blacklist for source address blacklisting of e-mail.
newsgroup
whose sole purpose is to lure cross-posted spam. For example, the alt.sex.cancel newsgroup charter states that any article posted there may be cancelled immediately. Thus, a spammer who cross-posts an article to the entire alt.sex.* hierarchy, including alt.sex.cancel, will find that article is quickly cancelled.
Honeypot (computing)
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems...
used to collect spam
Spam (electronic)
Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...
.
Spamtraps are usually e-mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
addresses that are created not for communication, but rather to lure spam. In order to prevent legitimate email from being invited, the e-mail address will typically only be published in a location hidden from view such that an automated e-mail address harvester (used by spammers) can find the email address, but no sender would be encouraged to send messages to the email address for any legitimate purpose. Since no e-mail is solicited by the owner of this spamtrap e-mail address, any e-mail messages sent to this address are immediately considered unsolicited.
The term is a compound of the words "spam" and "trap", because a spam analyst will lay out spamtraps to catch spam in the same way that a fur trapper lays out traps to catch wild animals. The provenance of this term is unknown, but several competing anti-spam organizations claim trademark over it.
Industry uses
An untainted spamtrap can continue to collect samples of unsolicited messages that can be acted on by an automated anti-spam system. The automated system could instantly block any further e-mail messages with the same content, arriving for other e-mail addresses, because the messages would then be considered as bulk unsolicited e-mail, the typical definition of spam. Automation is considered "safe" because no legitimate email messages should be arriving to the spamtrap address.The source IP address of a sender delivering e-mail to the spamtrap could also be added to a blacklist for source address blacklisting of e-mail.
Vulnerabilities
- A spamtrap becomes tainted when a third party discovers what the spamtrap e-mail address is being used for. Once this occurs, the third party could target the spamtrap by maliciously sending email to it giving the third party some control over the automated process of what is being considered bulk unsolicited e-mail by the anti-spam system. They would be able to subscribe a spamtrap address to any legitimate email list.
- Spammers using spamtrap addresses from their mailing lists as sender addresses can cause backscatterBackscatter (e-mail)Backscatter is incorrect automated bounce messages sent by mail servers, typically as a side effect of incoming spam....
when a reply/DSN is sent to the spamtrap address. - If the spammer put a spamtrap mailbox with many others in the TO or CC line, when any of that other people reply or forward the message, this address will be considered spam too.
- Many spamtrap addresses show up in search engine results, and anyone can write to these addresses without knowing that all mail will be caught as spam.
Usenet
A spamtrap can also be a UsenetUsenet
Usenet is a worldwide distributed Internet discussion system. It developed from the general purpose UUCP architecture of the same name.Duke University graduate students Tom Truscott and Jim Ellis conceived the idea in 1979 and it was established in 1980...
newsgroup
Newsgroup
A usenet newsgroup is a repository usually within the Usenet system, for messages posted from many users in different locations. The term may be confusing to some, because it is usually a discussion group. Newsgroups are technically distinct from, but functionally similar to, discussion forums on...
whose sole purpose is to lure cross-posted spam. For example, the alt.sex.cancel newsgroup charter states that any article posted there may be cancelled immediately. Thus, a spammer who cross-posts an article to the entire alt.sex.* hierarchy, including alt.sex.cancel, will find that article is quickly cancelled.
See also
- Project Honey PotProject Honey PotProject Honey Pot is a web based honeypot network which uses software embedded in web sites to collect information about IP addresses used when harvesting e-mail addresses for spam or other similar purposes such as bulk mailing and e-mail fraud...
- Address mungingAddress mungingAddress munging is the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations who send unsolicited bulk e-mail...
- Anti-spam techniques (e-mail)
- Botnets
- E-mail address harvestingE-mail address harvestingEmail harvesting is the process of obtaining lists of email addresses using various methods for use in bulk email or other purposes usually grouped as spam.-Methods:...
- List poisoning
- Stopping e-mail abuseStopping e-mail abuseTo prevent e-mail spam , both end users and administrators of e-mail systems use various anti-spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users and administrators...