Saturday, December 26, 2015

What is a Spamtrap ?

Nowadays, almost all email service providers can automatically detect spams emails in user accounts effectively and redirect those potential spam emails to spam folders without human intervention.

But, how are spam emails detected automatically by email service providers ?

How are spam emails detected automatically ?

Almost all email service providers use machine learning to detect these spam emails. Typically, this machine learning technique relies on some predefined rules. When an incoming email matches most of those rules, the email is marked as spam and redirected to spam folders automatically. Otherwise, the email is sent to inbox.

What is a Spamtrap 

To detect spam emails automatically, firstly one has to decide on rules of detecting spam emails, based upon which the software can detect potential spam emails.

To decide on those rules, firstly enough research is done on spam emails to detect the most common properties of spam emails. And, based on those properties, rules of detecting spam emails are set.

Once the rules are decided, the email service providers set those rules in the spam detection software. And, spam emails are automatically detected in user email accounts.

A Spamtrap is an email address which is used to collect spam emails, so that enough research can be done on them to detect spams.

We have learnt about Honeypots in Computer Security and how they are used to lure the attackers. Spamtraps are like honeypots for collecting spam emails. They are the email addresses that are meant to collect spams only.

How are Spamtraps used

Anti-spam systems are normally automated. They collect samples of spam emails and make rules based upon them.

So, Spamtraps, which are email addresses dedicated to receive spam emails only, are created. After collecting enough samples, the anti-spam system study them and make rules for detecting spams. And, everything is done in an automated way.

How do Spamtraps reach the spammers

After creating Spamtraps, they are published over the internet, so that when spammers collect email addresses from various websites using crawlers, the Spamtraps are collected by the crawlers.

As Anti-Spam Systems work in an automated fashion, any legitimate emails coming in the Spamtraps can be mistakenly taken as spams and that can affect the system.

So, to prevent receiving legitimate emails in Spamtraps, Spamtraps are published in a location hidden from view such that only an automated script can find them.

After harvesting the email-ids spammers start sending out spams in bulk. But, as spamtraps are hidden from normal views, Spamtraps collect spams only and they do not receive legitimate emails.

Vulnerabilities of using Spamtraps

There are a couple of vulnerabilities of using Spamtraps. To mention a few of them :

  • If spammers can detect a spamtrap, the spamtrap becomes tainted. Spammers may send malicious emails in the spamtrap to control the automated spam detection process.
  • Spammers can even send malicious emails to spamtraps with sender's address modified to the spamtrap itself. And this can cause backscatter.
  • Sometimes, spammers put lots of legitimate email ids in the To and CC field of spams. So, if any of those legitimate email receivers reply to that spam email, the legitimate email address also can get considered as spam address by mistake.
  • If a Spamtrap becomes visible and someone sends legitimate email to the spamtrap by mistake, that email also will get considered as spam by mistake.

Spamtraps are widely used by anti-spam systems. This was just an introductory article about what a Spamtrap basically is. Hope you enjoyed this.