- Spamtrap
A spamtrap is a honeypot used to collect spam.
Spamtraps are usually
e-mail addresses that are created not for communication, but rather to lure spam. In order to prevent legitimate email from being invited, the e-mail address will typically only be published in a location hidden from view such that an automated e-mail address harvester (used by spammers) can find the email address, but no sender would be encouraged to send messages to the email address for any legitimate purpose. Since no e-mail is solicited by the owner of this spamtrap e-mail address, any e-mail messages sent to this address are immediately considered unsolicited.The term is a compound of the words "spam" and "trap", because a spam analyst will lay out spamtraps to catch wild spam in the same way that a fur trapper lays out traps to catch wild animals. Who originally coined this term is unknown, but several competing anti-spam organizations claim trademark over it [http://www.netliancecorp.com/pdf/spamtrapbrochure.pdf] [http://tess2.uspto.gov/bin/gate.exe?state=gcisui.4.1&f=toc&a_search=&p_s_ALL=SPAMTRAP] .
Industry uses
An untainted spamtrap can continue to collect samples of unsolicited messages that can be acted on by an automated anti-spam system. The automated system could instantly block any further e-mail messages with the same content, arriving for other e-mail addresses, because the messages would then be considered as bulk unsolicited e-mail, the typical definition of spam. Automation is considered "safe" because no legitimate email messages should be arriving to the spamtrap address.
The source IP address of a sender delivering e-mail to the spamtrap could also be added to a blacklist for source address blacklisting of e-mail.
Vulnerabilities
* A spamtrap becomes tainted when a third party discovers what the spamtrap e-mail address is being used for. Once this occurs, the third party could target the spamtrap by maliciously sending email to it giving the third party some control over the automated process of what is being considered bulk unsolicited e-mail by the anti-spam system. They would not however, be able to subscribe a spamtrap address to any legitimate email list since all legitimate lists use a confirmed opt-in procedure.
* Spammers using spamtrap addresses from their mailing lists as sender addresses can cause backscatter when a reply/DSN is sent to the spamtrap address.
* If the spammer put a spamtrap mailbox with many others in the TO or CC line, when any of that other people reply or forward the message, this address will be considered spam too.
* Many spamtrap's addresses are shown in search pages like Google. The mailbox is visible in that page and any can write it without knowing that mail will be caught as spam.Usenet
A spamtrap can also be a
Usenet newsgroup whose sole purpose is to lurecross-post ed spam. For example, thealt.sex.cancel newsgroup charter states that any article posted there may be cancelled immediately. Thus, a spammer who cross-posts an article to the entirealt.sex.* hierarchy , including alt.sex.cancel, will find that article is quickly cancelled.SpamTrap as a Commercial Term
SpamTrap is also used as the product name for several commercial anti-spam systems that are unrelated to the technical term.
ee also
*
Project Honey Pot
*Address munging
*Botnets
*E-mail address harvesting
*List poisoning
*Stopping e-mail abuse
Wikimedia Foundation. 2010.
