What are Honeypots and Spamtraps?

If we start out by discussing real honeypots, we think you’ll quickly understand the meaning of honeypots through a couple of analogies. Remember reading or watching Winnie The Pooh? This was a story about the escapades of a bear that loved honey. The quest for honey could often lead to problems for the bear, but the attraction was persistent. Another analogy would be that bears are attracted to honey like fruit flies are to a glass of wine. The idea is, if you want to catch bears, put a pot full of honey out to attract them. Likewise, if you want to catch fruit flies, place a glass of wine in their environment.

Jumping from our analogy back to the world of technology, the Internet, and email blacklists - what if we put something on the Internet that intentionally attracts spam, so that we can try to catch the perpetrators or at least eliminate the spam? This is exactly what a honeypot does within this context. A “honeypot” server is placed on the Internet. This server allows spammers to relay spam through the server (spammers rarely send email directly from their own servers these days, due to concerns over blacklisting, costs, bounced messages or legal action). In doing so, the honeypot server captures information about the source, and the spam may also be filtered out, though the spammer might not know it since the server can “pretend” that the email was successfully relayed.

Sometimes, honeypot and spamtrap are used to mean the same thing, and conventional use may make the terms interchangeable. Spamtraps, however, are a specific type of honeypot, used to trap and/or diagnose spam rather than relayers. A spamtrap, for example can be used to collect spam and transfer the sender’s address or domain to a blacklist so that the spam will not reach anyone whose email service subscribes to that blacklist.

Spamtraps often work by using special email addresses, that are used for nothing besides spam collection. For example, by posting the email address "spamcollector@example.com" on a website, automated spam bots (or agents) may programmatically find the email address, and add it to a mailing list for spam. When the next spam message goes out, the spamtrap email address receives the message, and proceeds to add the IP address of the sending server to its blacklist.

Honeypots and spamtraps can be relatively effective tools for catching spamming in the act and stopping it before it reaches its intended audience. Just like a trap is prepared to capture dangerous animals who represent a threat to humanity, other animals, or property, technological traps can be set to capture unsolicited commercial email.

Click here for more articles on blacklists, bulk email, and spam issues