Darkmail Attacks - The Next Network Threat?

An anonymous reader wonders: "SC Magazine are running an article on the growth of so called Dark Mail Attacks. Whitedust Security appear to have identified this as a potential problem way back in December 2004. Since that time, a marked increase in attacks of this nature, including the recent attacks on the UK Government infrastructure, have been recorded. Are these types of attack a new large scale threat or just a passing fad?"

Spearphishing? Darkmail? Honeypot?

[telstar]

I feel like I went to sleep and woke up in a Mad Max sequel.

Re:Spearphishing? Darkmail? Honeypot?

[aftk2]

No kidding. Darkmail. It sounds like something I'd take along with my vorpal sword, and +10 boots of speed.

Defeat "darkmail" through "greytrapping"

[Nonesuch]

The latest version of pf, spamd, and spamdb offered with OpenBSD 3.7 work well to address the problem of high-volume dictionary attacks, through a combination of bandwidth shaping, tarpitting, greylisting, and spamtrap addresses.

Basically, you configure spamdb to greylist unknown senders, and provide it with a huge list of "spamtrap" addresses, which are invalid email addresses not actually used in your domain.

GREYTRAPPING
Any source which tries to email to a spamtrap address is temporarily blacklisted, just like how SpamCop's SCBL reacts to a message to a spamtrap.

Recent enhancements to 'pf' provide for rate-limiting connections based on the source IP, in addition to the regular bandwidth shaping features. With minimal effort you can configure an OpenBSD mail gateway or router to ensure that you waste as much of the spammers time as possible, while expending the least amount of your own effort and bandwidth.