Dear lazyweb, I am considering implementing spam traps and evaluating their efficiency. The idea is rather simple:
- publish some real-looking email addresses on websites, in ways that no human would use them to send legitimate mail, for instance in hidden texts, or in texts clearly stating they should not be used;
- when my mail server receives a message for one of these addresses, blacklist the originating server for some time so it cannot spam real recipients.
Now, I have to decide how to implement that with my Postfix server. I am thinking of using fail2ban to detect attempts to send mail to my spam traps and block these spammers at the iptables level, but I do not think that will give me many tuning possibilities. Do you have other suggestions?
I also have to think about some specific details. Here is what I have identified so far; do you think I am missing something that may be useful?
- Blacklisting time: since no legitimate mail can ever be sent to an explicit spam trap address, everyone sending mail to these addresses is by definition a spammer, so I can block them for months, if not forever. There is, however, a risk of blocking large-scale services mostly used by regular users but sometimes abused by spammers, such as Hotmail or Gmail…
- Server response: a spam trap address is only efficient if it gets included in a spammer's address list and if it stays there, so I should make sure my server answers the first attempt in a way that does not make the spammer think that address is problematic and should be removed from the list. Defining a /dev/null alias should do it.
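To give a concrete shape to the two points above (a long, tunable block duration, and not blocking shared providers outright), here is an added example of the detection side, written for this post and not code from it. It keeps the /dev/null alias approach: Postfix accepts and silently discards the message, and the detector works from the mail log afterwards, correlating the smtpd `client=` line with the local delivery `to=` line through the queue ID. The trap addresses, the allowlisted network (a constructed stand-in for a provider like Gmail or Hotmail), the 90-day TTL and the sample log lines are all assumptions; the log format is approximated from Postfix's usual smtpd/local lines, and the iptables rules are only generated as strings, not executed.

```python
"""Spam-trap detector for Postfix logs (added example, not from the post).

Everything below is assumed: the trap addresses, the allowlisted network
(a stand-in for a shared provider), and the sample log lines are constructed.
"""
import ipaddress
import re
from datetime import datetime, timedelta

# Trap addresses published on the web (assumed values).
TRAP_ADDRESSES = {"honeypot@example.org", "donotuse@example.org"}

# Networks we never block outright, only count and report, because they are
# shared by many legitimate users. Constructed range, not a real provider's.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]

# Postfix logs the connecting client once per message, keyed by queue ID ...
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=\S+\[(?P<ip>[^\]]+)\]"
)
# ... and the local delivery agent logs one line per recipient with the same ID.
DELIVERY_RE = re.compile(
    r"postfix/local\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]+)>"
)


def is_allowlisted(ip):
    """True if the address belongs to a network we refuse to block outright."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


class BlockList:
    """Maps IP -> expiry time. Long TTLs are fine: nobody legitimate hits a trap."""

    def __init__(self):
        self.entries = {}

    def add(self, ip, now, ttl):
        # A repeated hit extends the block, never shortens it.
        expiry = now + ttl
        if expiry > self.entries.get(ip, now):
            self.entries[ip] = expiry

    def prune(self, now):
        """Drop expired entries and return the addresses that were released."""
        expired = [ip for ip, exp in self.entries.items() if exp <= now]
        for ip in expired:
            del self.entries[ip]
        return expired

    def active(self, now):
        return sorted(ip for ip, exp in self.entries.items() if exp > now)

    def iptables_rules(self, now, port=25):
        # Rule strings that drop SMTP from every active entry (not executed here).
        return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
                for ip in self.active(now)]


def scan(lines, blocklist, now, ttl=timedelta(days=90)):
    """Correlate smtpd client lines with local delivery lines by queue ID.

    Non-allowlisted senders hitting a trap go into the block list; returns
    {ip: hit_count} for allowlisted senders, which deserve manual review.
    """
    client_by_qid = {}
    shared_hits = {}
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            client_by_qid[m["qid"]] = m["ip"]
            continue
        m = DELIVERY_RE.search(line)
        if not m or m["rcpt"].lower() not in TRAP_ADDRESSES:
            continue
        ip = client_by_qid.get(m["qid"])
        if ip is None:
            continue  # delivery without a matching client line (e.g. log rotation)
        if is_allowlisted(ip):
            shared_hits[ip] = shared_hits.get(ip, 0) + 1
        else:
            blocklist.add(ip, now, ttl)
    return shared_hits


# Constructed log excerpt: timestamps, hostnames and queue IDs are made up.
SAMPLE_LOG = """\
Jan  5 10:00:01 mx postfix/smtpd[1234]: 3B2A41C2F1: client=unknown[198.51.100.7]
Jan  5 10:00:01 mx postfix/local[1240]: 3B2A41C2F1: to=<honeypot@example.org>, relay=local, delay=0.1, status=sent (delivered to file: /dev/null)
Jan  5 10:02:13 mx postfix/smtpd[1234]: 4C1D52E3A2: client=mail.shared-provider.example[203.0.113.25]
Jan  5 10:02:13 mx postfix/local[1240]: 4C1D52E3A2: to=<donotuse@example.org>, relay=local, delay=0.1, status=sent (delivered to file: /dev/null)
Jan  5 10:05:40 mx postfix/smtpd[1234]: 5D2E63F4B3: client=friend.example[192.0.2.44]
Jan  5 10:05:40 mx postfix/local[1240]: 5D2E63F4B3: to=<alice@example.org>, relay=local, delay=0.2, status=sent (delivered to maildir)
""".splitlines()


def demo(now=datetime(2024, 1, 5, 10, 10)):
    """Run the detector over the constructed excerpt; returns (blocklist, shared, now)."""
    bl = BlockList()
    shared = scan(SAMPLE_LOG, bl, now)
    return bl, shared, now
```

On the sample excerpt only 198.51.100.7 ends up blocked; 203.0.113.25 is reported with a hit count instead because it falls in the allowlisted range, and the ordinary delivery to alice@example.org is ignored. The same loop can be fed `tail -F` output, and the `BlockList` gives the per-entry expiry that a plain fail2ban `bantime` would apply uniformly.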