MBF Knowledge Base

How to set up a Spam/User Trap for use with Message Sniffer

The best way to submit spam to Arm Research is to create a POP3 mailbox on your system that their spam-bots can visit to collect samples. Their spam-bots will download and delete messages from the mailbox every few minutes and submit them to their system for processing.

There are two kinds of spam collection boxes: SpamTraps and UserTraps.

A SpamTrap is a mailbox that contains messages that were captured automatically, without human intervention. These are virtually guaranteed to receive only spam and have a very predictable collection policy. For example, messages you might forward to a SpamTrap mailbox might be arriving at clean spamtrap addresses that you already have set up, at fake (never used) addresses that were harvested by spammers, or from special filters (such as those that failed other virus scanners but did not fail SNF).

A UserTrap is a mailbox that contains messages that have been identified as spam or malware by users, administrators, or staffers in some way. For example, if you collect spam submissions from a button on your customers' email clients, or if you allow trusted users to forward spam to a special mailbox, then those messages might be forwarded to a UserTrap.

If you want to set up a SpamTrap or UserTrap on your system (or several if they are sufficiently different) then please send an email to support@armresearch.com with the following information:

Your license ID (so they know you are an authorized user).
The type of mailbox (either SpamTrap or UserTrap).
The email address (login id) of the mailbox.
The password for the POP3 account.
The FQDN of the POP3 server (such as: pop3.example.com).
A description of how the messages arrive at this mailbox.

Automated Virtual Spamtrap Network...

The SNF Version 3 engine includes a virtual spamtrap technology that automatically samples messages coming from known bad sources. When SNF identifies a message source (IP) as one that consistently sends nothing but spam (messages that match SNF pattern rules), messages from that source will be sent to Arm's virtual spamtrap system at random intervals. These messages are added to special spam processing queues in their back-end systems so that they can create new rules for them and extract additional information about the messages and their sources.

The automated virtual spam trap network is part of the version 3 engine. There is nothing you need to do to set this up. It can be disabled if you have security concerns.
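To reason about which messages would leave your system under the behaviour described above, here is a conceptual model added as an example; it is not SNF's code. The class and function names, the `min_seen` threshold and the `sample_rate` are assumptions, and the traffic is constructed.

```python
import random
from collections import defaultdict

class VirtualTrapModel:
    """Conceptual model of per-source sampling; NOT SNF's implementation."""

    def __init__(self, min_seen=20, sample_rate=0.05, enabled=True, seed=None):
        self.min_seen = min_seen        # assumed: history needed to judge a source
        self.sample_rate = sample_rate  # assumed: chance a qualifying message is sampled
        self.enabled = enabled          # models the option to disable the feature
        self.rng = random.Random(seed)
        self.stats = defaultdict(lambda: [0, 0])  # ip -> [messages seen, rule matches]

    def is_spam_only_source(self, ip):
        """True once every message seen from ip (at least min_seen) matched a rule."""
        seen, matched = self.stats[ip]
        return seen >= self.min_seen and matched == seen

    def observe(self, ip, matched_rule):
        """Record one scan result; return True if this message would be sampled."""
        entry = self.stats[ip]
        entry[0] += 1
        entry[1] += 1 if matched_rule else 0
        if not (self.enabled and matched_rule and self.is_spam_only_source(ip)):
            return False
        return self.rng.random() < self.sample_rate

def count_sampled(model, traffic):
    """Return {ip: number of messages that would leave the host}."""
    out = defaultdict(int)
    for ip, matched_rule in traffic:
        out[ip] += model.observe(ip, matched_rule)
    return dict(out)

# Constructed traffic (documentation addresses): one spam-only source, and
# one source that sent a single non-matching message among rule matches.
TRAFFIC = (
    [("192.0.2.10", True)] * 30
    + [("198.51.100.7", True)] * 15
    + [("198.51.100.7", False)]
    + [("198.51.100.7", True)] * 14
)

if __name__ == "__main__":
    print(count_sampled(VirtualTrapModel(sample_rate=1.0), TRAFFIC))
    print(count_sampled(VirtualTrapModel(sample_rate=1.0, enabled=False), TRAFFIC))
```

In this model a single non-matching message permanently excludes a source from sampling, and setting `enabled=False` means nothing is sent.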