Removing an IP from Honeypot (but not whitelisting it)? RSS Back to forum
@Indy:
Unfortunately, the only thing I can suggest is to exclude the domain Outlook.com (and similar providers like Gmail and Yahoo) or their IP ranges from the Honeypot test by adding them either to the IP Exceptions or Sender Exceptions (Blacklists / Honeypot Test page).
As long as both legitimate emails and spam are received from such providers, the Honeypot test will likely to cause false hits.
Adding them to the exception list will exclude them from the Honeypot test only, the rest of the blacklist test will run (so this is a better approach than whitelisting them).
This is increasingly a bigger and bigger issue, making honeypot less and less useful. I'm debating turning it off completely, as we just had yet another honeypot hit from another outlook hosted domain.
It's kinda shocking to me to see so many of our vendors, clients and customers using google and Microsoft for hosted/"cloud" based mail. They are sharing their domains with good old spammers, now. :(
Increasingly we will get a honeypot hit from a legit IP, such as 207.46.163.243 (Outlook.com) (We've seen it from google and yahoo as well.) This obviously blocks hundreds of thousands of potential mail domains as a result. What does ORF suggest we do in this instance? If I whitelist that IP/range then we are open to further abuse. If I whitelist domains that send through that IP then it's whack-a-mole...
Honeypot is very successful for us, and unlike the advice given in the FAQ, we do use very old addresses long after they have been removed. We don't see too many issues with this procedure and get a lot of spam this way.