Document information

Document ID:4554
Subject:What is a honey pot for spam
Creation date:12/14/15 4:35 PM
Last modified on:8/10/18 12:58 PM


Honey Pot

Often spammers send emails blindly to several email addresses without verifying if the address belongs to a real person. Honey pot is a mechanism to trap such emails and analyze their content. Since the actual addresses are invalid no one receives these emails but the server builds a pattern based on these messages and assigns scores to emails where the pattern matches and is associated with a real person.

For example, you create honey pots for the following fictitious email addresses.
  • bob@yourcompany.com
  • mark@yourcompany.com
  • mary@yourcompany.com
Ideally, no email should be sent to these addresses since they don't belong to anyone. However, a spammer does not know this and if an email comes to such address the server can find out:
  • The IP address where the message came from
  • Parse its contents for certain keywords, web addresses and phone numbers
Using this information Xeams can assign score to messages that have the same pattern.



User comments

Posted by Tom Sheckells on 10/24/14 11:34 AM

Now I know what the honeypot is, how do I turn it on, set it up, and manage it?

Posted by Jorge on 11/4/14 11:34 AM

You just need to enter the fictitious email addresses in the Honey-pot section. Whenever an email is intended for the recipient, the system will block the IP for a period of time. You can view the IP addresses in the "penalty box" by accessing the IP section.

Posted by Artur on 2/14/15 9:32 AM

In case of simple smtp proxy can I use i.e. m@ or bob@ address for any-domain catch?


Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users?

Important: This area is reserved for useful tips. Therefore, do not post questions here. Instead, use our public forums to post questions.