Talk:Open Relay Behavior-modification System

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Minasbeede (talk | contribs) at 00:42, 22 September 2007 (Aftermath). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Aftermath

It's gratuitous and unsubstantiated to claim that it was block lists that led to spammers discontinuing use of open relays. It's far more likely that it was the success of a small number of open relay honeypots that led to spammers seeking another means of distributing spam. Michael Tokarev ran a very successful honeypot in Moscow, one that had a brilliant feature: it logged the incoming spam on a web page. The log included the IP address of the source of the spam. The URL of the honeypot log could be sent to the abuse desk of the ISP that was the apparent source of the spam and the ISP could then watch the log and cancel the accounts using the IP addresses that showed up. That quickly burned up the spammer's stock of accounts to be used for abuse since he had never experienced such rapid and certain loss of accounts before. When the spammer was using UU.net accounts Tokarev could see, in the logs for the web page that had the log, the spread of accesses to that web page through the IP addresses used by uu.net: others besides the abuse desk obviously were being alerted to the tool and what it represented. [Most of this is unsourced and private communication and ineligible for inclusion in Wikipedia.] You can find discussions of the honeypot by Michael Tokarev using Google search.

The spammer shut down by the honeypot was a Ralsky associate, in Texas. One of the original open relay test messages trapped by the honeypot went to a server in the Detroit area.

The honeypot web page is still there, showing the sources of the last spam messages received before the honeypot was disabled. [1] --Minasbeede 00:42, 22 September 2007 (UTC)