[SURBL-Discuss] Spam Honeypot identification through SURBL

Chris Santerre csanterre at MerchantsOverseas.com
Thu Mar 10 20:08:41 CET 2005

>-----Original Message-----
>From: Matthew Wilson [mailto:matthew at boomer.com]
>Sent: Thursday, March 10, 2005 12:01 PM
>To: Jeff Chan; SURBL Discussion list
>Subject: [SURBL-Discuss] Spam Honeypot identification through SURBL
>Jeff (and list),
>I'm worried that spammers can use SURBL to identify honeypot email
>servers by using unique subdomains.  A spammer must merely 
>send a unique
>subdomain URL to every address on their list, and if that unique
>subdomain is blacklisted in SURBL, they have identified a potential
>honeypot and will no longer send spam to that address/server.  
>It is therefore my humble opinion that only the second-to-top domain
>name should be listed in SURBL, and not any of the subdomains.
>-Matthew Wilson

I make it a point to not list subdomains. Only the main domains get listed
by me. If one got in, it was an oversight. When some submissions come in
from certain projects, I will purposely delay their addition to SURBL, so
that spammers can't time them with spam runs. But frankly the domains come
from so many different sources, it doesn't matter much. 


More information about the Discuss mailing list