Archive for the ‘eMail Junk’ Category

Honeypots-traps for the spammers

October 26, 2009 michaelndavis

One approach to fighting spam is to use an imitation MTA that appears to be an open mail relay, or an imitation TCP/IP proxy server that appears to be an open proxy.

In computer terminology, a honeypot is a trap set to discover, thwart, or in some manner counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of a computer, data, or a network site that appears to be part of a network but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.

Victim hosts act as active network counter-intrusion tools. These computers run special software designed to appear important and worth investigating to an intruder. In reality, these programs are dummies, constructed specifically to attract attackers' interest. The software installed on and run by victim hosts serves two purposes. First, these dummy programs keep a network intruder busy looking for valuable information where none exists because of their mystifying patterns, effectively convincing him or her to stay isolated in what is truly an unimportant part of the network. This bait is designed to keep an intruder from getting bored and heading into truly security-critical systems. The second purpose is intelligence gathering. Once an intruder has broken into the victim host, the machine or a network administrator can examine the intrusion methods used and build specific countermeasures against them, thus fortifying the security mechanisms in use.

Spammers who probe systems for open relays or proxies will be lured into sending mail through the honeypot, wasting their time and potentially revealing information about themselves and the source of the spam to an alert entity monitoring the honeypot. Such a system may simply discard the spam attempts, store them for analysis, or submit them to DNSBLs.

Detecting Quit Command

October 19, 2009 michaelndavis

The SMTP protocol requires that connections be closed with a QUIT command. Many spammers skip this step, since closing the connection takes time and bandwidth. Some MTAs, like Exim (Experimental Internet Mailer), can detect whether or not the QUIT command was used, so they can track patterns of use for building DNSBLs.
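
The tracking described above can be sketched as follows. This is an added example, not code from the original post or from Exim: the log line format (`sid=`, `ip=`, `connect`/`cmd=`/`disconnect`), the thresholds, and the sample data are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; this line format is hypothetical, not Exim's log format.
SAMPLE_LOG = """\
10:00:01 sid=a1 ip=192.0.2.10 connect
10:00:02 sid=a1 ip=192.0.2.10 disconnect
10:00:05 sid=a2 ip=192.0.2.10 connect
10:00:06 sid=a2 ip=192.0.2.10 disconnect
10:00:09 sid=a3 ip=192.0.2.10 connect
10:00:10 sid=a3 ip=192.0.2.10 disconnect
10:01:00 sid=b1 ip=198.51.100.7 connect
10:01:04 sid=b1 ip=198.51.100.7 cmd=QUIT
10:01:04 sid=b1 ip=198.51.100.7 disconnect
10:02:00 sid=b2 ip=198.51.100.7 connect
10:02:30 sid=b2 ip=198.51.100.7 disconnect
10:03:00 sid=c1 ip=203.0.113.5 connect
10:03:01 sid=c1 ip=203.0.113.5 disconnect
10:04:00 sid=c2 ip=203.0.113.5 connect
"""
LINE_RE = re.compile(r"^\S+ sid=(\S+) ip=(\S+) (connect|disconnect|cmd=(\w+))$")

def summarize(log_text):
    """Return {ip: (closed_sessions, closed_without_quit)}."""
    saw_quit = {}                       # open session id -> QUIT seen yet?
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                    # skip lines that do not parse
        sid, ip, event, verb = m.groups()
        if event == "connect":
            saw_quit[sid] = False
        elif verb and verb.upper() == "QUIT" and sid in saw_quit:
            saw_quit[sid] = True
        elif event == "disconnect" and sid in saw_quit:
            stats[ip][0] += 1
            stats[ip][1] += not saw_quit.pop(sid)
    # Sessions still open at end of log are deliberately not counted.
    return {ip: tuple(v) for ip, v in stats.items()}

def candidates(stats, min_sessions=3, min_ratio=0.8):
    """IPs with enough closed sessions, most of them ended without QUIT."""
    return sorted(ip for ip, (total, noquit) in stats.items()
                  if total >= min_sessions and noquit / total >= min_ratio)

if __name__ == "__main__":
    print(candidates(summarize(SAMPLE_LOG)))
```

The minimum session count keeps a legitimate client that timed out once from being listed on a single dropped connection.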

No listing of Mail eXchange (MX) Records

October 12, 2009 michaelndavis

Nolisting is one of the methods of defending electronic mail users against e-mail spam. The idea is that by having a non-existent primary mail server and a working secondary mail server, attempts to contact the primary mail server will always fail. If the mail is sent by a correctly configured email server, the sending server will then try to contact the secondary mail server and should succeed. Spammers frequently use custom software, which does not retry higher-priority MX records.

As SMTP requires, the email servers for any given domain must be provided in a prioritized list (namely, MX records). SMTP also specifies mandatory error-handling behavior for when servers in that list cannot be contacted. Nolisting involves purposely creating unreachable MX records, so that only senders who have implemented this error-handling code can deliver mail successfully.

This technique relies on spammers using custom software that ignores the SMTP protocol. Hence, it is not a viable long-term solution. Spammers can defeat Nolisting simply by using standard email server software or by adding a little error recovery to their custom software. Thankfully, Nolisting can be abandoned if it ceases to be useful.
