From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/36834
Path: main.gmane.org!not-for-mail
From: Chris Shenton
Newsgroups: gmane.emacs.gnus.general
Subject: Stopping spam by attracting it?
Date: 10 Jul 2001 11:05:15 -0400
Message-ID:
NNTP-Posting-Host: coloc-standby.netfonds.no
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1035172354 10709 80.91.224.250 (21 Oct 2002 03:52:34 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Mon, 21 Oct 2002 03:52:34 +0000 (UTC)
Return-Path:
Return-Path:
Original-Received: (qmail 27590 invoked from network); 10 Jul 2001 15:05:17 -0000
Original-Received: from samizdat.outbounder.com (198.202.217.54) by gnus.org with SMTP; 10 Jul 2001 15:05:17 -0000
Original-Received: (from cshenton@localhost) by Samizdat.outbounder.com (8.9.3/8.9.3) id LAA18577; Tue, 10 Jul 2001 11:05:15 -0400 (EDT)
Original-To: ding@gnus.org
In-Reply-To: Kai.Grossjohann@CS.Uni-Dortmund.DE's message of "Tue, 10 Jul 2001 13:05:16 +0200"
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
Original-Lines: 26
Xref: main.gmane.org gmane.emacs.gnus.general:36834
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:36834

Perhaps this is painfully obvious and folks are doing it already; if
so, does it work? If not, here's what I'm thinking.

Insert a bogus, spam-attracting email address into all the email I
send, like victim@mydomain.com; this address should never send mail,
so any mail it receives will be from address-harvesting spammers.

Alias that address to a small program which examines the headers and
extracts source IPs, From: lines, Subject: lines, etc., and installs
these into some filter config.

When your MTA receives mail, it consults the filter looking for a match
and rejects any messages matching the filter; alternatively, have the
MUA do this and put it in a folder/group for suspicious mail.

The trick would be building the program to find "significant" headers,
avoiding generation of overly loose matches which would filter too
much legitimate mail.

Anyone doing anything like this? Any thoughts how I might do
something like this with Gnus?

Not quite Gnus-related, but if one collected lots of spammer/relay
host addresses, they could automatically be added to an RBL-like DNS
server, operating for an individual, an enterprise, or the public at
large. Would also be nifty if such fingerprints could be shared to
automatically build a list of suspicious senders.
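
One way to write the "small program" the message describes, as an added example that is not part of the original post or of Gnus. It assumes the trap alias hands it the raw message, that 192.0.2.10 is our own relay, and a hypothetical 12-character subject minimum; it keeps only the peer IP our own MTA recorded, because Received: lines below that hop are sender-supplied text and could name innocent hosts.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumptions: our own relay plus ranges that must never end up in a blocklist.
OURS = [ipaddress.ip_network(n) for n in
        ("192.0.2.10/32", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_SUBJECT_LEN = 12   # hypothetical floor: short subjects ("hi") match legitimate mail
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed trap message; hosts and IPs are from documentation ranges.
SAMPLE = (
    "Received: from mx.mydomain.example (mx.mydomain.example [192.0.2.10])\n"
    "\tby mail.mydomain.example with ESMTP; Tue, 10 Jul 2001 11:00:02 -0400\n"
    "Received: from relay.bulk.example (unknown [203.0.113.77])\n"
    "\tby mx.mydomain.example with SMTP; Tue, 10 Jul 2001 11:00:01 -0400\n"
    "Received: from friend.example (friend.example [198.51.100.5])\n"
    "\tby relay.bulk.example with SMTP; Tue, 10 Jul 2001 10:59:59 -0400\n"
    'From: "Big Offers" <Deals@Bulk.Example>\n'
    "To: victim@mydomain.com\n"
    "Subject: Re:   MAKE money   fast\n"
    "\n"
)

def connecting_ip(msg):
    """Peer IP recorded by our own MTA; hops below it are unverifiable."""
    for hop in msg.get_all("Received", []):      # newest hop first
        m = PEER_IP.search(hop)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None                          # malformed literal such as [999.1.1.1]
        if any(ip in net for net in OURS):
            continue                             # internal hand-off, keep walking down
        return str(ip)                           # first outside peer: stop here
    return None

def fingerprint(raw):
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = re.sub(r"^((re|fwd?):\s*)+", "", msg.get("Subject", "").strip(), flags=re.I)
    subject = " ".join(subject.lower().split())  # case- and whitespace-insensitive
    return {
        "ip": connecting_ip(msg),
        "from": sender or None,
        "subject": subject if len(subject) >= MIN_SUBJECT_LEN else None,
    }
```

The returned dictionary is what would be written into the filter configuration; a `None` field means that header was judged too weak to filter on.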