Spamtrap

An untainted spamtrap can continue to collect samples of unsolicited messages that can be acted on by an automated anti-spam system. The automated system could instantly block any further e-mail messages with the same content, arriving for other e-mail addresses, because the messages would then be considered as bulk unsolicited e-mail, the typical definition of spam. Automation is considered "safe" because no legitimate email messages should be arriving to the spamtrap address. The source IP address of a sender delivering e-mail to the spamtrap could also be added to a blacklist for source address blacklisting of e-mail. == Vulnerabilities ==

• A spamtrap becomes tainted when a third party discovers what the spamtrap e-mail address is being used for. Once this occurs, the third party could target the spamtrap by maliciously sending email to it giving the third party some control over the automated process of what is being considered bulk unsolicited e-mail by the anti-spam system. However, they would be able to subscribe a spamtrap address to an email list only if that list would not use confirmed opt-in. • Spammers using spamtrap addresses from their mailing lists as sender addresses can cause backscatter when a reply/DSN is sent to the spamtrap address. • If the spammer puts a spamtrap mailbox address into the TO or CC line, when any of the other addresses "reply-all" or forward the message, it will cause that address to be considered spam, too. • Many spamtrap addresses show up in search engine results, and anyone can write to these addresses without knowing that all mail will be caught as spam. == Usenet ==

A spamtrap can also be a Usenet newsgroup whose sole purpose is to lure cross-posted spam. For example, the alt.sex.cancel newsgroup charter states that any article posted there may be cancelled immediately. Thus, a spammer who cross-posts an article to the entire alt.sex.* hierarchy, including alt.sex.cancel, will find that article is quickly cancelled. ==See also==