Virtual Spam Traps
On the dark side of the blindness paradox it is possible that new kinds of spam may be coming from known bad message sources. We might otherwise never see these messages until they start coming from new, as yet unknown IPs in the form of leakage.
This is actually an opportunity in disguise. Since we have known bad message sources and we have a high confidence in that assessment, we can randomly sample messages from these sources and if they are new to us (they do not match SNF pattern rules) then, we can send those samples to special (virtual) spam traps for evaluation. This has many benefits:
- We can code pattern rules for new spam campaigns more quickly since we don't have to wait for them to be reported by customers as leakage and we don't have to wait for them to arrive at our other (conventional) spam traps.
- We don't have to create conventional spam traps that may be difficult to seed and may be easily discovered and avoided by the blackhats.
- Virtual spam traps have no identity so they cannot be easily identified nor can they be easily avoided. Essentially, these virtual spam traps are everywhere and nowhere at the same time. Once a bad message source is identified the virtual spam trap system is silently "plugged in" to that message source.
For security reasons some systems may choose not to participate in the virtual spam trap program. For this reason it can easily be turned off without compromising the "peek" functionality that prevents the blindness paradox.