Submitting Spam

What is a virtual spamtrap?

What we do use from time to time are virtual spamtraps. In a virtual spamtrap scenario, you can submit spam that reached a very high (very low false positive) score but did not fail SNF. Generally, this is done by copying the message to a pop3 account that can be polled by our bots.

We treat this kind of submission as if it were a usertrap, so we are very careful about what to code. The advantage to this methodology is that the detection of new spam is timely. Also, since we code rules speculatively for entire campaigns and message structures, SNF will often end up capturing instances of the campaign that did not score highly enough on other tests to get into the trap, and also preemptively captures future versions of the campaign that are not yet seen.

All that said, the biggest benefit of this kind of synthetic spamtrap is that if you now see something before we do, we will see it and code for it faster.

New with version 3: Automated Virtual Spamtrap Network

The SNF Version 3 engine includes a virtual spamtrap technology that automatically samples messages coming from known bad sources. (This can be disabled if you have security concerns). When SNF identifies a message source (IP) as one that consistently sends nothing but spam (messages that match SNF pattern rules) then messages from that source will be sent to our virtual spamtrap system a random intervals. These messages get added to special spam processing queues in our back-end systems so that we can create new rules for them and extract additional information about the messages and their sources.