Yep, Jon's on the right track.
A honeypot is a computer or email address that is connected to the Internet that is never used and should never receive any email or any network traffic. Security researchers will set up honeypots that look like vulnerable copies of Microsoft Windows without security patches, or that look like they are running open proxies, or they will publish email addresses that are never used on Web pages that should never be accessed by people.
The idea is to see if virus writers or spammers will find the honeypot and attempt to use it. For example, if someone is doing scans of computer IP addresses looking for vulnerable computers, or is using computer programs to scan Web pages searching for email addresses to spam, they will find the honeypot. The only reason that anyone would ever connect to a honeypot computer or send email to a honeypot email address is because they were trying to hack the computer or send spam.
I find that explanation somewhat unsatisfactory about why your friend's emails are being spam-trapped, though. It seems unlikely that your friend would be sending any emails to a honeypot address.
There are some more likely scenarios; your friend might be infected with a virus, or might be using an IP address that had virus-infected computer on it at some point in the past, or your friend's computer might be on an IP range that's been a "bad neighborhood" in the past, or even the anti-spam software could simply be wrong.
I do have a couple of questions:
- What is your friend's IP address?
- When you get a spam-tagged email, and you look at the full headers, are there any headers that show anti-spam information? Some spam filters will embed information in the email headers that you can use to determine why the spam software believes the message is spam.
