Has anyone else tried this:
- Certainly, yes. Almost every anti-spam service out there uses them, the industry term is "spamtraps"
How do you go about doing it?
- Normally, find an address in one of the domains which receives a lot of spam and confirm with the owner that it is not in use and they have no plans to resurrect it. This process can be (partially) automated.
Does it work?
- Yes. The most useful thing is, that as you can guarantee that messages sent to traps are spams, you can use it to calibrate the effectiveness of an engine at any given time, to measure how well you're doing at blocking spam (false negatives) - provided you have a sufficiently large sample of spamtraps; most anti-spam companies would have hundreds or thousands
- They can also be used by automatic learning systems to "learn" stuff about spams. But that could learn about spam sent to non-spamtrap addresses too (of course, you're never 100% sure it's a spam if it's sent to a non-spamtrap address)
- "Blacklisting" sender addresses is not normally used. This is because apparent spammers usually invent garbage sender addresses anyway, and because apparent spammers occasionally reform their ways and start sending clean mail
- IP address blacklisting isn't used (in a simplistic form) either, for the same reason; "bad" IP addresses can start being "good", so if you had a blanket ban, legitimate mail would end up being blocked.
Normally you wouldn't use just a single address; that wouldn't be enough. Try a few hundred spread throughout all your domains (for a start).
You can advertise them if you like, but if your domains are sufficiently well-known to spammers, candidate spamtrap addresses probably already exist within them (they are probably mailboxes which don't exist on your end-user systems).
Whole spamtrap domains can be set up - I'm sure many companies use these - either buy 2nd hand domains or register realistic sounding ones with a plausible (albeit fake) web site. Subdomains can work too. Spamtrap domains are handy because you can set them up with keywords or in specific top-level domains that spammers might be targetting.