Mail Honeypot Thesis

I'm doing a mail honeypot project for my thesis. I'm having a little bit of a problem writing a good report. I hope you all can comment on it so I can edit it before submitting it. For a start, I attach my abstract.

Electronic mail, or email for short, has been an important communication method since the Internet was propagated in the early 1980s. People have changed their way of communicating since the use of email arose. However, the efficacy of email has been endangered by spam problems since the Internet was opened up to the public. As defined by the Spamhaus Project, spam applies to Unsolicited Bulk Email. Unsolicited means that the recipient has not given approval for the message to be sent. Bulk means that the message is sent in large quantities with indistinguishable content. Mail servers that run the Simple Mail Transfer Protocol (SMTP) service and are open relays are exposed to abuse by spam. An open relay mail server will relay any messages through it. This project will help to determine the spam's source of origin and its contents. The methodology used in this project is an experimental approach. This project will be run on a Qmail mail server, which is an open relay, with tcpdump for data capturing. The open relay mail server will act as a mail honeypot to attract spammers. Hopefully this project can benefit others by contributing the spam's source of origin to be inserted in a spam block list.
RE: Mail Honeypot Thesis

Hi dotcompex.

Make sure you don't actually relay the emails! Only emulate an open relay, and then accept the emails for relay, without actually relaying them. If you relay then you become part of the problem, and not part of the solution.

There should be no need to use TCPdump to capture the email traffic originator; any normal SMTP program should put the originating IP address in the logfile.

You should add a spam filter based on originating IPs to your solution so that you don't accept emails from known spammers; this way you will focus on discovering the unknown originating IPs. If you don't, then you will just be using your bandwidth on known spammers without the benefit you are seeking.

Honestly, I don't see the research value in you discovering a few more originating IPs using known detection methods. Most of these IPs will only be spamming for a few days anyway.

You could change the focus of your report to have several open relays on different servers and try to determine if spammers prefer one kind of mail server over another. You could also try to measure how many spammers are using SMTP over TLS (SSL) compared to unencrypted SMTP. This would make your thesis much more interesting to read.

If you are done with the experiment part, then this advice comes a bit late, but I hope it helps anyway.

Jesper Jurcenoks

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of dotcompex
Sent: Wednesday, April 22, 2009 6:55 AM
To: honeypots@...
Subject: Mail Honeypot Thesis

I'm doing a mail honeypot project for my thesis. I'm having a little bit of a problem writing a good report. I hope you all can comment on it so I can edit it before submitting it. For a start, I attach my abstract.

Electronic mail, or email for short, has been an important communication method since the Internet was propagated in the early 1980s. People have changed their way of communicating since the use of email arose. However, the efficacy of email has been endangered by spam problems since the Internet was opened up to the public. As defined by the Spamhaus Project, spam applies to Unsolicited Bulk Email. Unsolicited means that the recipient has not given approval for the message to be sent. Bulk means that the message is sent in large quantities with indistinguishable content. Mail servers that run the Simple Mail Transfer Protocol (SMTP) service and are open relays are exposed to abuse by spam. An open relay mail server will relay any messages through it. This project will help to determine the spam's source of origin and its contents. The methodology used in this project is an experimental approach. This project will be run on a Qmail mail server, which is an open relay, with tcpdump for data capturing. The open relay mail server will act as a mail honeypot to attract spammers. Hopefully this project can benefit others by contributing the spam's source of origin to be inserted in a spam block list.

--
View this message in context: http://www.nabble.com/Mail-Honeypot-Thesis-tp23175462p23175462.html
Sent from the Honeypots mailing list archive at Nabble.com.
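
As an added example (not code from this thread or from any poster), the sketch below shows the "emulate, accept, never relay" idea from the reply above as SMTP sink logic: it accepts RCPT for any domain, stores the message locally, rejects sources already on a known list, and records whether the client issued STARTTLS. The domain `honeypot.example`, the class and function names, and the sample addresses are assumptions; the logic handles command lines only, with no sockets and no dot-unstuffing.

```python
from collections import Counter

LOCAL_DOMAINS = {"honeypot.example"}   # assumption: the honeypot's own mail domain

class SinkSession:
    """One client connection: feed() takes a command line, returns the SMTP reply."""
    def __init__(self, peer_ip, known_ips=frozenset()):
        self.peer_ip, self.known_ips = peer_ip, known_ips
        self.tls, self.in_data = False, False
        self.rcpts, self.body = [], []
        self.captured = []             # messages are stored here, never forwarded

    def feed(self, line):
        if self.peer_ip in self.known_ips:
            return "554 5.7.1 Rejected"          # already-listed source: spend nothing on it
        if self.in_data:
            if line != ".":
                self.body.append(line)
                return None                      # no reply while DATA is in progress
            self.captured.append({"ip": self.peer_ip, "tls": self.tls,
                                  "rcpts": self.rcpts, "body": "\n".join(self.body)})
            self.in_data, self.rcpts, self.body = False, [], []
            return "250 OK queued"               # sender sees success; nothing is relayed
        cmd = line.upper()
        if cmd.startswith("EHLO"):
            return "250-honeypot.example\r\n250 STARTTLS"
        if cmd.startswith("HELO"):
            return "250 honeypot.example"
        if cmd.startswith("STARTTLS"):
            self.tls = True                      # a socket server would wrap the connection here
            return "220 Ready to start TLS"
        if cmd.startswith("MAIL FROM:"):
            return "250 OK"
        if cmd.startswith("RCPT TO:"):
            self.rcpts.append(line[8:].strip().strip("<>").lower())
            return "250 OK"                      # any domain accepted: looks like an open relay
        if cmd.startswith("DATA"):
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "221 Bye" if cmd.startswith("QUIT") else "502 Command not implemented"

def summarize(messages):
    """Per-source counts and STARTTLS share over messages aimed at non-local domains."""
    relay = [m for m in messages
             if any(r.split("@")[-1] not in LOCAL_DOMAINS for r in m["rcpts"])]
    share = sum(m["tls"] for m in relay) / len(relay) if relay else 0.0
    return Counter(m["ip"] for m in relay), share

def run(peer_ip, lines, known_ips=frozenset()):
    """Replay constructed client lines through a session; return (captured, replies)."""
    session = SinkSession(peer_ip, known_ips)
    return session.captured, [session.feed(l) for l in lines]
```
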
RE: Mail Honeypot Thesis

I would have thought that botnets are a much greater problem than an open relay, which is just a couple of PCs / servers and can easily be knocked offline by an ISP etc.

Also, be careful where you run your relay ... whatever ISP you're using will be none too happy at being blacklisted; especially since they are trying to provide a commercial service rather than be someone's toy.

It's worth noting that sending SPAM is probably not legal in your country and definitely not moral, and you're proposing to send a load.

I would have thought there is enough SPAM data in the public domain ... http://www.projecthoneypot.org/ / http://www.projecthoneypot.org/statistics.php ... provide a lot for example, and if you drop them a nice mail and explain what you're doing etc, you may find a handy contact and them willing to give you more information. Much better than creating yet another SPAM source and feeling the wrath of your ISP / College / Uni / Other sys admins imho.

I.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of dotcompex
Sent: 22 April 2009 14:55
To: honeypots@...
Subject: Mail Honeypot Thesis

I'm doing a mail honeypot project for my thesis. I'm having a little bit of a problem writing a good report. I hope you all can comment on it so I can edit it before submitting it. For a start, I attach my abstract.

Electronic mail, or email for short, has been an important communication method since the Internet was propagated in the early 1980s. People have changed their way of communicating since the use of email arose. However, the efficacy of email has been endangered by spam problems since the Internet was opened up to the public. As defined by the Spamhaus Project, spam applies to Unsolicited Bulk Email. Unsolicited means that the recipient has not given approval for the message to be sent. Bulk means that the message is sent in large quantities with indistinguishable content. Mail servers that run the Simple Mail Transfer Protocol (SMTP) service and are open relays are exposed to abuse by spam. An open relay mail server will relay any messages through it. This project will help to determine the spam's source of origin and its contents. The methodology used in this project is an experimental approach. This project will be run on a Qmail mail server, which is an open relay, with tcpdump for data capturing. The open relay mail server will act as a mail honeypot to attract spammers. Hopefully this project can benefit others by contributing the spam's source of origin to be inserted in a spam block list.

--
View this message in context: http://www.nabble.com/Mail-Honeypot-Thesis-tp23175462p23175462.html
Sent from the Honeypots mailing list archive at Nabble.com.