– Honeypots of doom! blocks mail

I used to be a major fan of SpamCop. I think they have gotten sloppy these days. They have a method of finding spammers that involves seeding the net with honeypot addresses, and if your mail server sends that address email, of any sort, your server gets blocked. The problem is that some spammers are managing to figure out what these honeypot addresses are, and they use them in the From field on their spam. There starts the problem…

A while back my personal mail server became blocked by SpamCop. When I tracked down the reason, the only thing I could find was bounced spam. I had received spam through my secondary MX, so it bypassed my spam filters and user checks. When it hit my primary mail server, and was addressed to a non-existant user account, it was bounced. Because the From had been forged with a honeypot address, it bounced back to SpamCop. It would appear that SpamCop is not parsing the email sent to honeypot addresses to see whether they are real spam or bounce messages. This means that lots of legitimate mail servers will get blocked by SpamCop, and many administrators will have to disable SpamCop BlackHole services to receive legitimate mail. I’m sure this was the spammer’s intent, to poison the SpamCop well; and they are succeeding because SpamCop isn’t going the extra mile and parsing for bounces.

Today I realized that SpamCop was blocking email from Apple’s mail servers. It looks like pretty much all of the outgoing mail servers are blocked. Well, that doesn’t work for me. The well is poisoned, and I can’t risk so much as a sip. SpamCop is out of my RBL config.