Removing an IP from Honeypot (but not whitelisting it)? - ORF Forums


1

Increasingly we will get a honeypot hit from a legit IP, such as 207.46.163.243 (Outlook.com). (We've seen it from Google and Yahoo as well.) This obviously blocks hundreds of thousands of potential mail domains as a result. What does ORF suggest we do in this instance? If I whitelist that IP/range then we are open to further abuse. If I whitelist domains that send through that IP then it's whack-a-mole...

Honeypot is very successful for us, and unlike the advice given in the FAQ, we do use very old addresses long after they have been removed. We don't see too many issues with this procedure and get a lot of spam this way.

by Indy 9 years ago
2

@Indy: Unfortunately, the only thing I can suggest is to exclude the domain Outlook.com (and similar providers like Gmail and Yahoo) or their IP ranges from the Honeypot test by adding them either to the IP Exceptions or Sender Exceptions (Blacklists / Honeypot Test page).

As long as both legitimate emails and spam are received from such providers, the Honeypot test will likely cause false hits.

Adding them to the exception list will exclude them from the Honeypot test only; the rest of the blacklist test will run (so this is a better approach than whitelisting them).

by Krisztián Fekete (Vamsoft) 9 years ago
3

This is increasingly a bigger and bigger issue, making honeypot less and less useful. I'm debating turning it off completely, as we just had yet another honeypot hit from another Outlook-hosted domain.

It's kinda shocking to me to see so many of our vendors, clients and customers using Google and Microsoft for hosted/"cloud" based mail. They are sharing their domains with good old spammers, now. :(

by Indy 9 years ago
