The Peacham Spam Trap is a platform-independent tool which allows mail server owners to compile and use their own DNS-based Real-Time Blacklist driven by spam arriving in a "honey-pot" account known only to spammers. It is only of use to organizations which have their own mail servers. Users who download their mail from somebody else's server will not be able to implement it. If you are a domain owner who wants to start running a mail server, one of the best can be found at http://www.desknow.com.
The flow of data in using the spam trap is as follows:
Your mail server will need to support two standard facilities: POP3 and blacklists. POP3 is the Post Office Protocol used to read the contents of an inbox, and blacklisting is the ability to check the sender's address against lists of known spammers. If you have not yet configured your blacklists, go to DNS Stuff (DNS tools, DNS hosting tests, WHOIS, traceroute, ping, and other network and domain name tools). This site will help you pick blacklists.
Your mail server should be able to log incoming connections, but you might have to turn the log on. This log will show you if there are any addresses that do not exist, but still get spam sent to them. This would be an excellent candidate for a "honey pot", a tempting target for spammers. If you have multiple such addresses, make them aliases of the same mailbox. The idea is to have a single mailbox on the system that receives as much spam as possible, but only spam.
This server is not too well known. Its function is deceptively simple: it translates symbolic addresses such as www.mydomain.com to a numeric address such as 188.8.131.52 which can be used to route data across the Internet. This simple description does not tell you that it is tapping into a widely distributed, multiply-redundant database of millions of records. For each domain, there are a few servers that are "Authoritative", which means that they provide the only true translation of the domain name. Other servers can copy those records, but each one has a "Time-to-Live" value. When the time expires, the record must be refreshed from an authoritative source.
The DNS system handles many kinds of records. Only a few are of interest here:
One other point of interest is how reverse lookup (going from an IP address
to a name) is done. By convention a special domain,
is used for reverse lookup. To look up the name of
184.108.40.206, you would ask
for the PTR record for domain "
it would contain the symbolic name. A similar scheme is used to implement
If you are not currently running a DNS server, you will need to get one up and running in order to implement the Spam Trap. Having one will also speed up most of your lookups associated with web browsing, mail processing, or other Internet activities. Linux systems come with BIND9, which is the reference implementation of the DNS. There is an excellent version of BIND9 available for Windows, called TreeWalk DNS, available from http://www.ntcanuck.com. It is easy to install and has a good configuration wizard.
Before installing the Spam Trap, it is necessary to have your trap e-mail account configured on the mail server and to have your DNS server up and running. Then perform the following steps:
The Spam Trap performs two operations: reading mail, and updating the database.
Whenever you feel like it you can perform a manual update cycle as follows:
Automatic repetition of Read Mail followed by Update DNS can be specified by entering a non-zero value for "Update every n minutes" on the Mail tab of the configuration dialog. The main panel will show the results of each cycle. Checking other DNSBLs can also be automated; see the Defer tab.
Selecting View/Data will bring up the database display:
The rows highlighted in yellow are the entries currently being blocked by the DNS. Rows highlighted in red are entries created to represent groups of 256 addresses all being blocked. The columns are:
Any change in Ignore or Force will take effect the next time that the DNS is updated, either manually or automatically.
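How trapped sender addresses can become blacklist DNS records, as an added example that is not the Spam Trap's own code: it reverses the octets the way reverse lookup does, appends a blacklist zone, and collapses a busy block into one wildcard entry covering a group of 256 addresses. The zone name trap.example.org, the threshold of 3, the sample addresses and all function names are assumptions; 127.0.0.2 is the conventional DNSBL "listed" answer.

```python
import ipaddress
from collections import defaultdict

ZONE = "trap.example.org"  # hypothetical blacklist zone (assumption)
LISTED = "127.0.0.2"       # conventional DNSBL "listed" answer
GROUP_THRESHOLD = 3        # assumed: distinct senders in a /24 before all 256 are blocked


def dnsbl_name(ip, zone=ZONE):
    """Name a mail server queries: octets reversed, then the zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def build_records(trapped_ips, zone=ZONE, threshold=GROUP_THRESHOLD):
    """Return sorted (owner_name, 'A', address) tuples for the blacklist zone."""
    groups = defaultdict(set)
    for ip in trapped_ips:
        addr = ipaddress.IPv4Address(ip)  # rejects malformed input
        net = ipaddress.ip_network(f"{addr}/24", strict=False)
        groups[net].add(addr)             # set: repeat senders count once
    records = []
    for net, addrs in groups.items():
        if len(addrs) >= threshold:
            # One wildcard record stands for the whole group of 256 addresses.
            a, b, c, _ = str(net.network_address).split(".")
            records.append((f"*.{c}.{b}.{a}.{zone}", "A", LISTED))
        else:
            records.extend((dnsbl_name(x, zone), "A", LISTED) for x in addrs)
    return sorted(records)


def is_listed(ip, records, zone=ZONE):
    """Offline stand-in for the DNS query: exact name first, then the /24 wildcard."""
    owners = {name for name, _, _ in records}
    name = dnsbl_name(ip, zone)
    wildcard = "*." + name.split(".", 1)[1]
    return name in owners or wildcard in owners


# Constructed sample senders from documentation ranges; one address repeats.
SAMPLE = ["192.0.2.10", "192.0.2.11", "192.0.2.200", "198.51.100.7", "198.51.100.7"]

if __name__ == "__main__":
    for rec in build_records(SAMPLE):
        print(*rec)
```

A wildcard entry also lists addresses in the block that never sent mail to the trap, which is why the threshold matters.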
Even with widespread dissemination, your Spam Trap address will not be known to every spammer in the world. Some spam that wasn't sent to the trap address will still get to you. You can't just forward it, because that will get you (as the sender) blacklisted on your own system, an undesirable outcome. This is where manual data entry comes in. It operates as follows:
But Wait! Before you do that make sure that the spam came to you directly from a spammer as opposed to being forwarded from a mailing list or by your brother-in-law. You don't want to block the mailing list, and you have no control over what the mailing list forwards. You might suggest the Peacham Spam Trap to the mailing list owner. Go ahead and block your brother-in-law, if you want to.
The Peacham Spam Trap will log any errors in the logs folder. You can also
log actions taken by starting the Spam Trap with a parameter of "
In Windows this is done by creating a shortcut to the JAR file and editing the
target to read: "
-jar spamtrap.jar tracelevel=config".
This work is licensed under the Creative Commons Attribution-No Derivative
Works 2.5 License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-nd/2.5/ or send a letter to Creative
Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Peacham Spam Trap is implemented using Java from Sun Microsystems. Java level 1.5 or above is required.
Access to the Inbox is via the JavaMail API.
Access to the DNS is using DNSJava.
Reading and writing of the database is done using CsvReader.
This application uses the IP-to-Country Database provided by WebHosting.Info (http://www.webhosting.info), available from http://ip-to-country.webhosting.info.
Comments and questions to the author, Fritz Schneider