[SURBL-Discuss] Spam Honeypot identification through SURBL

Matthew Wilson matthew at boomer.com
Thu Mar 10 18:01:07 CET 2005

Jeff (and list),

I'm worried that spammers can use SURBL to identify honeypot email
servers by using unique subdomains.  A spammer must merely send a unique
subdomain URL to every address on their list, and if that unique
subdomain is blacklisted in SURBL, they have identified a potential
honeypot and will no longer send spam to that address/server.  

It is therefore my humble opinion that only the second-to-top domain
name should be listed in SURBL, and not any of the subdomains.


-Matthew Wilson

More information about the Discuss mailing list