Date: Tue, 27 Apr 2010 01:15:11 -0700 From: perryh@pluto.rain.com To: john@starfire.mn.org Cc: freebsd-questions@freebsd.org Subject: Re: Wpoison????? Message-ID: <4bd69d0f.%2BBIrPGo/9OZTp5OQ%perryh@pluto.rain.com> In-Reply-To: <20100426143510.GA75532@elwood.starfire.mn.org> References: <4BD3E9B8.2030109@comclark.com> <20100426124453.GB74442@elwood.starfire.mn.org> <j2ma0777e081004260643ya31b42d7g29c45348e6c3d85c@mail.gmail.com> <20100426143510.GA75532@elwood.starfire.mn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
John <john@starfire.mn.org> wrote: > > There are better systems that have a pure honeypot which actually > > accepts mail (and add the IPs that send mail to a blacklist) > > OK - where do we find one of THOSE? Unfortunately, THOSE may be a bit too simplistic :( Someone forges an email appearing to come from one of your honeypot addresses, and sends it to a bogus (or on-vacation) address at a legitimate site. The bounce (or vacation response) comes to your honeypot address, causing you to blacklist the legitimate site. No, I am not making this up. More than once I've discovered one of my employer's mail servers on the Spamcop blacklist, causing my home upstream to bounce (as presumed spam) messages I tried to send from office to home. This seemed to have been the mechanism involved.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4bd69d0f.%2BBIrPGo/9OZTp5OQ%perryh>