Currently I have a number of domains that are set up as Email Spam traps. So if I get mails on those domains I can be certain that it is ~100% Spam. I'm using this information to temporarily defer message delivery from spamming IPs on my real Email domains. I can also use the Spam mails to improve Bayesian filtering and identifying brand new viruses before they hit my real inboxes.
This procedure is only effective when I get many Spams on the Spam traps. So the question is how can I generate more Email traffic on the Spam trap domains?
I'm not going to register Spam traps at dubious newsletter senders as this would increase the false negative rate. And it would also need too much manual work to register hundreds of addresses.
Trying to publish the Spam trap addresses on Websites also failed. I have millions of addresses published and they got harvested but not used for spamming. It takes weeks and months until you get a noticeable amount of Spam on these addresses.
I'm not going to publish these Spam traps on forums and guestbooks as this would mean fighting Spam by spamming the web.
What I'm now looking for are ways how I can "accidentally" reveal hundreds and thousands of Email addresses so that Spammers pick them up and use them in their campaigns. But if someone can give me advice which other methods are good to attract Spammers I will appreciate this.
Answering Miles' suggestions:
- Mark only points out how to set up good sites for harvesting and what to do with the fetched Spam. But as I said I already have these pages which are not harvested enough.
- Phil's experiment is too old. His approach was appropriate until 2004 and in a way until 2006. But then Spammers changed their methods drastically.
- Using external services as Craigslist or guestbooks counts as spamming in my opinion and so is not a valid option.
- This is poisoning of half-legitimate newsletters and increases the false negative rate.
- I already have two servers that are pretending to be open proxies. But as they are not a real open proxy I can see that spammers do testing attempts. These test mails are not returned to them and so they see that it is only a fake open relay. So they avoid these servers for their tasks.
- Twitter only gets crawled for tweets with special keywords. These accounts are then followed and used for twitter spamming. But not for email spamming.
Interesting resources:
Mark Adams (2011) has an interesting article on how to start a spam trap which includes some interesting pointers. He points out that contact addresses in the whois records of new domains are a prime target of spammers.
Phil Bradley's Great SPAM Experiment (2002), although dated, documents a methodical approach to attracting spam in a variety of ways. Of all the approaches that he tried, sending unsubscribe requests to spammers was his winning method.
Additional thoughts:
New Craigslist postings are routinely crawled for both e-mail addresses and phone numbers (for SMS spam). You might consider posting something on Craigslist (maybe you're selling your 1998 Honda Civic?) and decline to use the anonymizer.
If I wanted to attract spam to an e-mail address, the first thing I'd think of is to send a message to [email protected] ("Easy, lasting Bulk Email service") with "unsubscribe" in the subject line and the first line of the body.
Per @LucasKauffman's suggestion, you could try setting up an apparently open relay on port 25 of the host specified in a newly registered domain's MX record, then analyze what comes in. Your SMTP service would need to accept messages addressed to foreign domains but not actually relay them.
Twitter gets crawled by spambots. I wonder what happens if you tweet something like "I'll be camping next week, so e-mail [email protected] if you need anything!"
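The apparently open relay described in this answer, as an added example that is not part of the original posts: a minimal Python SMTP sink that accepts `RCPT TO` for any domain, stores each message with the connecting IP, and relays nothing. The host name `mx.trap.example`, the `127.0.0.1:2525` listener and the names `SinkSession`, `handle` and `serve` are assumptions made for illustration.

```python
import asyncio

class SinkSession:
    """One SMTP connection: accept every recipient, store the mail, relay nothing."""
    def __init__(self, peer_ip, store):
        self.peer_ip, self.store = peer_ip, store
        self.sender, self.rcpts, self.body = None, [], None

    def feed(self, line):  # one client line, CRLF stripped -> reply, or None in DATA
        if self.body is not None:                    # collecting the message body
            if line != ".":
                self.body.append(line[1:] if line.startswith(".") else line)
                return None
            self.store.append({"ip": self.peer_ip, "from": self.sender,
                               "to": self.rcpts, "data": "\n".join(self.body)})
            self.sender, self.rcpts, self.body = None, [], None
            return "250 2.0.0 Ok: queued"            # stored for analysis, never sent on
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            return "250 mx.trap.example"             # placeholder host name (assumption)
        if verb.startswith("MAIL FROM:"):
            self.sender, self.rcpts = line[10:].strip(), []
            return "250 2.1.0 Ok"
        if verb.startswith("RCPT TO:") and self.sender is not None:
            self.rcpts.append(line[8:].strip())      # no domain check: looks like a relay
            return "250 2.1.5 Ok"
        if verb == "DATA" and self.rcpts:
            self.body = []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "503 5.5.1 Command out of sequence or not supported"

async def handle(reader, writer, store):
    session = SinkSession(writer.get_extra_info("peername")[0], store)
    writer.write(b"220 mx.trap.example ESMTP\r\n")
    while raw := await reader.readline():
        reply = session.feed(raw.decode("latin-1").rstrip("\r\n"))
        if reply:
            writer.write(reply.encode() + b"\r\n")
            await writer.drain()
            if reply.startswith("221"):
                break
    writer.close()

async def serve(store, host="127.0.0.1", port=2525):   # assumed test address/port
    server = await asyncio.start_server(lambda r, w: handle(r, w, store), host, port)
    await server.serve_forever()
if __name__ == "__main__":
    asyncio.run(serve([]))
```

Each stored record carries the client IP, so it can feed the temporary deferral list the question describes.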
You could set up a fake company web site and "accidentally" publish a dump file called "users.sql" with names and email addresses (something like "staff.csv" might actually be more effective). Once it gets indexed by Google you'd expect some spammer to pick it up.
If you're feeling a bit bolder you could dig into the underbelly of the email marketing underground yourself and offer to sell a database dump you stole from a server you compromised.... (since patched of course). Just make sure you route through Tor or a public VPN provider when doing this!
Or do a Lulzsec-style release on pastebin, not sure how you'd "promote" it so it got picked up by scripts though, probably using keywords like hacked database, email address etc would help.
Fake an open SMTP, success guaranteed! I know from unfortunate experience :p
Write good texts for honeypot pages (a pure list of e-mails is now almost unusable) - a company listing with name-e-mail-someimage-position-phone is an excellent trap.
Add the honeypot's pages to the spider's pages manually (links with "dofollow" work, adding to *-WebmasterTools is also usable)
Intercept most common emails (I get a lot of scrap on info@ office@ sales@ jobs@ accounting@ support@)
I used to publish my software online using the PAD file standard, which is an XML file that contains all software details (title, description, price, author name, email, etc); the emails that I used there got a lot of spam.
Ok, well there is a lot of technical information and whatnot, but in the end it's all details.
The main thing here is your objective is to trap spammers.
By freely giving away mail addresses so they are used as targets.
The best way for you to improve your results is to collaborate with others.
There are many people out there who would surely be happy to give fake e-mail addresses to spammers - and there are many owners of open smtp relays who would like a spam filtering improvement.
Get in touch with those people ;)
-> those who are, like you, doing and redoing the same work as so many others before them
-> those who hate spam enough to post fake addresses at the right places
-> those who need the solution you are attempting to create
Any technical solution is but details compared to the efficiency increase you can get through collaboration ;)
Generate OpenPGP keys using spamtraps as the "user id." Push the keys to the various public keyservers. (Found this method by accident.) Similarly, create some self-signed X509 certificates containing the email addresses as the relevant part of the subject information in the cert, and install them on TLS-enabled webservers listening on 443 but serving no content.
Create a CSV file, containing email address, random IP address, first name, last name, etc. "Accidentally" store that CSV file somewhere under the web root of a publicly accessible web server. Alternatively save said CSV file to a CD and then dispose of the CD less than carefully.
Print a bunch of business cards, each containing name, title, bogus company name, and email address. Throw stack of business cards into dumpster. Do this near hotels, especially if any conventions happen to be taking place. Spammy will think he hit gold.
Print a list. Throw list into dumpster. Again, works best outside hotels, especially in case of a conference.
Create websites for some of the domains. Use a lot of greyhat marketer jargon on said websites.
Anything that makes the spammer think he hit a goldmine and manually grab the addresses is probably preferable to anything that waits to be autoharvested. (IMHO)