Discussion:
Best ways to get spamtrap eMail addresses into spammer lists?
(too old to reply)
Randolf Richardson 張文道
2024-11-14 00:48:39 UTC
Permalink
What are some of the most effective ways to get spamtrap eMail
addresses into spammer eMail lists/databases? I'm okay with
the eMail addresses being submitted one at a time, or as a
list of multiple addresses, or by publishing them on web pages.

Thanks.
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
tjoen
2024-11-14 06:35:16 UTC
Permalink
Post by Randolf Richardson 張文道
What are some of the most effective ways to get spamtrap eMail
addresses into spammer eMail lists/databases? I'm okay with
the eMail addresses being submitted one at a time, or as a
list of multiple addresses, or by publishing them on web pages.
By responding?
Randolf Richardson 張文道
2024-11-14 18:16:03 UTC
Permalink
On Thu, 14 Nov 2024 07:35:16 +0100
Post by tjoen
Post by Randolf Richardson 張文道
What are some of the most effective ways to get spamtrap eMail
addresses into spammer eMail lists/databases? I'm okay with
the eMail addresses being submitted one at a time, or as a
list of multiple addresses, or by publishing them on web pages.
By responding?
Assuming, of course, that the sender has valid SPF and DKIM, that's
something I hadn't considered. Thanks!
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
Marco Moock
2024-11-14 16:34:30 UTC
Permalink
Post by Randolf Richardson 張文道
What are some of the most effective ways to get spamtrap eMail
addresses into spammer eMail lists/databases? I'm okay with
the eMail addresses being submitted one at a time, or as a
list of multiple addresses, or by publishing them on web pages.
Publishing it on webpages, mailing lists, archives etc. should do
enough. Maybe use your own domains that have MX records to the
spamtraps.
I have some hope that they don't check MX records for every domain.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Randolf Richardson 張文道
2024-11-14 18:14:40 UTC
Permalink
On Thu, 14 Nov 2024 17:34:30 +0100
Post by Marco Moock
Post by Randolf Richardson 張文道
What are some of the most effective ways to get spamtrap eMail
addresses into spammer eMail lists/databases? I'm okay with
the eMail addresses being submitted one at a time, or as a
list of multiple addresses, or by publishing them on web pages.
Publishing it on webpages, mailing lists, archives etc. should do
enough. Maybe use your own domains that have MX records to the
spamtraps.
I'm doing some of this already (mostly just including the eMail
addresses on web pages in a way that they're not visible to users,
so they don't accidentally send to them).
Post by Marco Moock
I have some hope that they don't check MX records for every domain.
I suspect you're correct because I've found that setting up a
non-relaying SMTP daemon that accepts everything on an IP address
with no MX records pointing to it (that I know of) usually does
start receiving spam after some unpredictable period of time.

It doesn't even need to be running a web server or anything else,
although running an FTP daemon does seem to attract attention
from what I assume are SSH-hacking bots.
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
Marco Moock
2024-11-14 18:20:56 UTC
Permalink
Post by Randolf Richardson 張文道
On Thu, 14 Nov 2024 17:34:30 +0100
Post by Marco Moock
Post by Randolf Richardson 張文道
What are some of the most effective ways to get spamtrap eMail
addresses into spammer eMail lists/databases? I'm okay with
the eMail addresses being submitted one at a time, or as a
list of multiple addresses, or by publishing them on web pages.
Publishing it on webpages, mailing lists, archives etc. should do
enough. Maybe use your own domains that have MX records to the
spamtraps.
I'm doing some of this already (mostly just including the eMail
addresses on web pages in a way that they're not visible to users,
so they don't accidentally send to them).
Post by Marco Moock
I have some hope that they don't check MX records for every domain.
I suspect you're correct because I've found that setting up a
non-relaying SMTP daemon that accepts everything on an IP address
with no MX records pointing to it (that I know of) usually does
start receiving spam after some unpredictable period of time.
I thought about checking the MX of a domain part for known spamtraps,
like uceprotect etc.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Randolf Richardson 張文道
2024-11-18 15:38:32 UTC
Permalink
On Thu, 14 Nov 2024 19:20:56 +0100
Post by Marco Moock
Post by Randolf Richardson 張文道
On Thu, 14 Nov 2024 17:34:30 +0100
Post by Marco Moock
Post by Randolf Richardson 張文道
What are some of the most effective ways to get spamtrap eMail
addresses into spammer eMail lists/databases? I'm okay with
the eMail addresses being submitted one at a time, or as a
list of multiple addresses, or by publishing them on web pages.
Publishing it on webpages, mailing lists, archives etc. should do
enough. Maybe use your own domains that have MX records to the
spamtraps.
I'm doing some of this already (mostly just including the eMail
addresses on web pages in a way that they're not visible to users,
so they don't accidentally send to them).
Post by Marco Moock
I have some hope that they don't check MX records for every domain.
I suspect you're correct because I've found that setting up a
non-relaying SMTP daemon that accepts everything on an IP address
with no MX records pointing to it (that I know of) usually does
start receiving spam after some unpredictable period of time.
I thought about checking the MX of a domain part for known spamtraps,
like uceprotect etc.
Publishing contact information in WHOIS records does result in
large volumes of spam over time, and dozens of physical letters in
the mail that promote various scams (a common one is tricky domain
registrars that misleadingly disguise their offers to look like
invoices). Many years ago we received hundreds of credit card
applications from American Express, for which it was easy to
determine that American Express had been scraping information from
WHOIS records but not comparing mailing addresses (as long as the
Registrant field differed), and every letter included within it a
return envelope for the application complete with postage pre-paid
(thanks to them for the 300+ free stamps, in effect).

After registering new domain names, in addition to the above, we
also receive no less than 10 telephone calls from scammers within
the week, most of whom can't even pronounce the names properly (due
to a lack of fluency in English, I assume). (To protect our
clients, we publish our office contact information and only forward
legitimate correspondence to them.)

The MX records obviously don't provide the contact information that
WHOIS records do, but these are different tactics that work in
different ways. But even without any MX records the many port
scanners that are running continuously in the wild eventually find
an SMTP service running and, if being operated by spammers, start
attempting to send eMail soon after.
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
Loading...