Originally posted here by Tedob1
wasn't CaptainCrunch working on that?
He appears to knows about the technique, but I am not sure where he was heading with it.

Originally posted here by John Draper
yes - this is a common spammer trick. They just make as 1 x 1 pixel image, and use that as a "tracker" to see if the Email address is good. In our case, of course it's good..... It's a honeypot, one of millions that can be spread around for the PIGS (spammers) to wallow in.

But what can really get spammers is to infiltrate them with Honeypot SMTP servers. They use scanners to look for them. So when a scanner comes across a honeypot, they are going to pounce on it like pigs in ****. Playing to their Greed, they will be amazed at how fast the honeypot works (it really doesn't have to do anything - other then give them the impression the mail is going through). In meantime, while the spammer is running their spammer program, true logging takes place, and since they are directly connecting to it (they have to), then I get a true log of their real origin, and NOT the ISP's mail server IP. I would have the DSL/Cable/ or dialup port IP. From that, I can track them down (through cooperation of their local provider).

Normally, spammers would use an open relay (one of millions out there), but these are usually in China (which means it's a lot slower and less desirable to use), because spammers are GREEDY, and want to spew out as much as possible in the shortest time. But going through these gatways offer little opportunity to track them, because they are hiding two or more layers deep, so it's a loosing battle.

Once a spammer stumbles into a honeypot, they can be tracked.

Cheers: