Abstract
Spam and phishing emails remain among the most common vectors used by threat actors for delivering malicious URLs and attachments. A spam email honeypot (spampot) offers an excellent opportunity to observe and gather intelligence about these attack vectors. We are releasing an open-source honeypot, SHIVA (Spam Honeypot with Intelligent Virtual Analyzer), designed specifically for capturing and analyzing spam interactions at cloud scale. The honeypot presents itself as a fully functional, open SMTP server. By deploying this honeypot, researchers and organizations can gather and analyze real-time threat intelligence on spam. Analysis of the captured data can provide information on phishing attacks, scam campaigns, malware campaigns, and spam botnets. This will enable organizations to identify emerging threats and improve their defensive strategies. We detail the architecture and implementation of the honeypot, along with case studies showcasing its effectiveness in enriching threat intelligence.