DCC and honeypot

Vernon Schryver vjs@calcite.rhyolite.com
Tue Mar 2 21:09:15 UTC 2004

> From: Stef 

> I have a honeypot setup with Postfix, a rule to "hold" all emails being 
> attempted to relay through it, and a couple of user accounts (local) 
> having been used as honeytokens, by putting them on a web site, 

> ...
> I can run the hold queue through the DCC, for reporting, before getting 
> rid of those messages?  ...

For what purpose?  The odds are on the order of 1,000,000 to 1 that
your honeypots see any given spam first, unless it is sufficiently
customized to be unique as far as the DCC checksums can tell.

> If the above is not feasible, does anybody know of any other reporting 
> tools/sites/capabilities, I could possibly integrate into a system like 
> the above?
> NOTE: I have tried razor, but their servers do not seem to respond 
> anymore, even for the setup phase.

Again, for what purpose?  Individuals cannot help any spam filtering
mechanism that has traps enough to see much spam.  In the 24 hours
ending March 2, 2004 20:00 GMT, the DCC has heard about 60,000,000
spam and trapped more than 40,000,000.  I suspect there are close to
1,000,000 traps reporting to the DCC.  Another 500 or 1000 traps will
not help.  That applies to any substantial spam body filter system,
including Vipul's Razor/Cloudmark if they are still using traps.

If you want to make a personal dent in spam, then help get your
congresscritters to convince politicians such as Janet Reno to stop
worrying about Texas cults and John Ashcroft to stop worrying about
topless statues of Justice and prosecute spammers for the millions of
crimes they were committing daily even before the CAN SPAM Act.

Vernon Schryver    vjs@rhyolite.com

