Honeypot detection

[amaury1093]

Does email address under test hide a honeypot?

[nosovk]

Is there a way to detect that address is a Honeypot?

[amaury1093]

tbh I don't have a clear idea how to do it either. But other email validation services provide it, so it could be good to investigate how they do it.

I guess it'll be based on some heuristics. An idea could also be to include in the binary a moderately-sized txt file with honeypot addresses.

[Imbuedhush]

Honeypots are like normal addresses, you can check that address is spam trap with sending one email and waiting for listing your ip/etc.. in blacklist OR you can have database of spamtraps, so just filter them out

[nosovk]

waiting to being blacklisted seems bad idea...

[44za12]

Can I pick this up? I have a few ideas based on some assumptions.

Every HoneyPot has an OpenRelay (they are trying to trap so all bets are off). We can essentially detect if it is an open relay or not, instead of trying to detect if it's honeypot.
Some HoneyPots don't implement all the commands like VRFY and EXPN.
HoneyPots can also give responses other than the standard responses for HELP command.

Instead of giving a definite BOOL we can return a confidence score based on these conditions.

These assumptions are based on testing multiple open source honeypot providers.

What do you think @amaury1093 ?