TechTheft

Building a DNSBL


Seeding Input Traps

The major source of inputs and data for an email DNSBL is spam email sent to anonymous addresses.

Among the largest data-quality problems you will encounter is whether the data sources (trapped email addresses) have been compromised by the spammers. It is in light of this factor that we have allocated a second domain name as input for the DNSBL. The DNSBL domain can have traps, but they will often be discovered and cleaned from many spammers' lists.

The other major problem is ensuring that only true spam gets into the trap addresses and in large quantities. Thus, seeding becomes an important part of the construction process. The other side of the input problem is solved by honeypot servers as discussed earlier.

Drawing large quantities of quality spam into your traps will take time. But the following steps will start the trickle of spam almost immediately, and it will grow as the spammers find that your address does not bounce.

  • Post to Usenet with a trap as the email address. The best groups to post to are sex groups, or groups for administrators involved in anti-spam activities. Look for particular groups that have a lot of people posting; these are harvested more often by spammers.
  • Unsubscribe one or more traps from any spam you get. You'll be surprised how many spammers can't tell the difference between "unsubscribe" and "subscribe". Don't unsubscribe from everything, too fast, or too often, as it does temporarily slow down the flow while the spammer looks/waits for a list sale.
  • Put it as a mailto: link on as many web pages as possible, preferably those with traffic. Get some prominent search engines to run over your pages at least once. WARNING: make sure other web users are not going to use the address to contact you, or even going to see it. Asking for help on a blog is not a good way of seeding a trap.
  • (WARNING: Excessive popups, porn dialers, and Trojan risk present.) Look up 'Free Porn mail' or 'free porn' on any search engine. Follow the trail of popup sites for a while. Eventually one will provide a 'mailing list' to receive the free porn at (usually daily). Sign up for a few mailings, then unsubscribe. The trap is sure to continue to receive spam indefinitely.
  • Combining a few of these techniques, such as unsubscribing from spam sent to a known trap previously seeded, increases the flow of pure spam.

The following often get recommended, but there is a catch that has to be carefully guarded against. A confirmed subscription address cannot be a spamtrap. Likewise, a genuine published point of contact cannot be one. If you ever attempt any of the below, ensure the addresses are clearly marked as 'do not contact' or are unconfirmed subscriptions.

  • Trap a contact address for your trap domain. Remember that the administrative and domain contacts are not valid traps.
  • Also trap a SWIP record contact, with the same catch as the domain registration.
  • Sign up for everything under the sun that has a privacy notice stating that they "won't share information". Then specify that you don't want mailings (you'd be surprised). It is a good choice to also have a second address which unsubscribes at some point (it's surprising how many of these get sold).
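
One way to enforce this catch when trap mail is turned into DNSBL input, as an added example that is not from the book: each trap is registered with how it was seeded, and mail to a confirmed subscription, a genuine contact, or an unmarked contact address is ignored. The seeding labels, the registry fields and the sample addresses are assumptions constructed for illustration; the output holds only counts, since the DNSBL records should not identify which address caught a spammer.

```python
from collections import defaultdict
from dataclasses import dataclass

# Seeding labels and registry fields are assumptions made for this example.
CONTACT_SEEDS = {"whois_contact", "swip_contact"}

@dataclass(frozen=True)
class Trap:
    seed: str                        # how the address was seeded
    confirmed: bool = False          # a subscription was confirmed for it
    genuine_contact: bool = False    # admin/domain contact or other real point of contact
    marked_no_contact: bool = False  # published with a clear 'do not contact' marking

def is_valid_trap(trap):
    """Confirmed subscriptions and genuine points of contact are never spamtraps."""
    if trap.confirmed or trap.genuine_contact:
        return False
    if trap.seed in CONTACT_SEEDS:
        return trap.marked_no_contact
    return True

def collect_evidence(deliveries, registry):
    """Count (relay_ip, envelope_recipient) deliveries per IP, valid traps only."""
    traps_hit, messages = defaultdict(set), defaultdict(int)
    for relay_ip, rcpt in deliveries:
        rcpt = rcpt.strip().lower()
        trap = registry.get(rcpt)
        if trap is None or not is_valid_trap(trap):
            continue  # unknown address, or one that may receive legitimate mail
        traps_hit[relay_ip].add(rcpt)
        messages[relay_ip] += 1
    return {ip: {"messages": messages[ip], "distinct_traps": len(traps_hit[ip])}
            for ip in traps_hit}

# Constructed sample data (documentation IP ranges and example domains).
REGISTRY = {
    "usenet1@traps.example": Trap("usenet"),
    "web1@traps.example": Trap("mailto_link"),
    "news@traps.example": Trap("signup", confirmed=True),
    "hostmaster@traps.example": Trap("whois_contact", genuine_contact=True),
    "swip@traps.example": Trap("swip_contact", marked_no_contact=True),
}
DELIVERIES = [
    ("192.0.2.10", "usenet1@traps.example"), ("192.0.2.10", "Web1@traps.example"),
    ("192.0.2.10", "usenet1@traps.example"), ("198.51.100.7", "news@traps.example"),
    ("198.51.100.7", "hostmaster@traps.example"), ("203.0.113.5", "swip@traps.example"),
]

if __name__ == "__main__":
    print(collect_evidence(DELIVERIES, REGISTRY))
```

The sender that only reached the confirmed subscription and the hostmaster contact produces no record at all, which is the intended outcome.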

Boosting Incoming Spam

Although we don't want the DNSBL records identifying which address caught a spammer, it is a good thing for the web bugs and other tracing identifiers the spammer has used to identify a hit or a person reading a spam to go off, just as if you were a clueless user clicking through to their web page to check out the spammer's product. This will also speed up the trading of your traps.

Why unsubscribe generates spam

Legally, spammers are required to remove your address from the list. They usually do this these days, BUT you have given them an address proven to be good, which they can then sell to make some money. Usually they sell it more than once. And in a loophole of the legal requirements they often 'forget' to check unsubscriptions against addresses they buy. This means unsubscribing your trap from a hard-core spammer will always generate more spam (from 2+ purchasers) than the single list you're removing it from. I say single list because these spammers are only legally obliged to remove you from the list you asked to be removed from.

Remember: addresses that get sold and traded between spammers get more spam.