
Replying to Stop Spam Harvesters



vizskywalker

Posted 31 August 2005 - 02:45 AM

Already a member and a proud donor of an MX entry. Already had one bot caught with that MX entry. As soon as my website goes public it will have a honeypot page. For business websites, this is better than a ToS or Privacy Statement for convincing viewers that their email addresses are safe with you and you won't spam them. If you are stopping spammers, it almost guarantees you aren't one ;).

~Viz

Sarah81

Posted 30 August 2005 - 06:54 PM

Oh, how I love it when I hear about new ways to deal with spammers and their insipid little bots!

I hate spam. Yahoo! does a pretty good job of keeping it out of my inbox, but I still resent the fact that the spam even exists - and I DOUBLY resent the fact that it's such a huge, massive deal now. (Some people get THOUSANDS of junk mails every DAY.)

One of the best things that I've found to do is 1. don't fall for that stupid "click here to remove from mailing list" link ... and 2. cheer loudly when national news headlines are made because a bunch of idiots at UT-Austin were caught participating in one heck of a huge spamming organization.

mckenneth

Posted 30 August 2005 - 06:41 PM

hhmp.. great idea... once I've got my domain set up... I'll sign up to this program! ;)

lesmizzie

Posted 14 April 2005 - 12:52 AM

A way to stop spam is identifying the top spam harvesters and shutting them down before they reach your mailbox. The time before you get spam at a new email address can vary. If you never give out the address on the Internet and the address is not just a first or a last name you may not see spam for years. If you create a website and put your email address anywhere on the page, eventually it will be harvested by a spam bot.

Munging the address may help, same if you use ASCII characters that will prevent harvesting for a while.

A lot of the block lists used by email providers come from users reporting spam and email hitting spam traps. Project Honey Pot is going one step further by identifying the spam harvesters and the bots / spiders they use to crawl over your web space, using your bandwidth and stealing your email addresses.

This is achieved by handing out a unique email address to every hit on your spam-trap. If a bot follows the link to the honey pot and harvests the address it will be logged. When an email hits that particular email box, a spam harvester is identified.

There are a few different ways we can help stop the harvesters and help reduce spam. You can host a honey pot on your website or if that is impossible (like it is for me at the present time) you can put a link to Project Honey Pot's website and help educate others. The last way to help is donating MX addresses to the project. The more MX addresses they have the more variety of spam-traps can be created. If you have a domain name that you are not using, donate up to 5 MX records for each domain name.

To learn more about the project go to: Stop Spam Harvesters, Join Project Honey Pot

I’m using the button on company web pages and will add a honey pot as soon as an “.asp” script is ready. I have an average of 5000 to 10000 spam per day hitting an email server with less than 200 users. The 50 to 250 that slip through the filters and spam assassin I report.

Nils




To those confused, I think this is what the system does:

There are programs that go to random websites and pick out email addresses.

The honeybot code apparently gets the address of the company that is trying to snag email addresses in order to spam unsuspecting people.

The honeybot reports these addresses in order to stop the companies from doing this.

I hate spam. I get at least twenty spam messages every few hours, and it is very annoying and it slows down production.

I think that this is an ingenious way to fight spam!

NilsC

Posted 08 March 2005 - 08:00 PM

They create a php page for you that you add to your website. It's not visible to humans and it has warnings in cleartext in case a user uses page source to get to the page, that is where all the legalese is that makes it legal :)

On this page there is an email address that changes every time a spider / bot collects it. The IP and other data are recorded in a database and if the email is used there will be a record of where and when it was collected. Since it's illegal to collect email addresses in a lot of places you can use
<meta name="no-email-collection" value="[link to your terms]" />
the no collect meta tag and link to your TOS, place it on all your webpages, that way good bots stay away from the pages.

A php script is created for you and you just have to upload it onto the server and place links to it on your webpages. Instructions come with it.

The honeypot does the rest, you will have email addresses that are automatically updated and tracked by the project's servers.

Here is a link to the example honeypot http://www.projectho...pot_example.php

Nils
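
The mechanism described in this post, as an added example that is not part of the thread and not Project Honey Pot's own script: each hit on the hidden page receives a unique address, and mail later delivered to that address is tied back to the visit that harvested it. `TRAP_DOMAIN`, `SECRET`, the class and function names, and every IP address and user agent are constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

TRAP_DOMAIN = "trap.example"         # assumed: a domain whose MX points at the trap server
SECRET = b"constructed-demo-secret"  # assumed: server-side key, never sent to visitors


class HoneypotLog:
    """Issues one trap address per page hit and remembers who received it."""

    def __init__(self):
        self._issued = {}  # local part -> record of the visit that was shown it
        self._counter = 0

    def issue(self, ip, user_agent, when):
        """Called by the hidden page: returns an address no other visitor has seen."""
        self._counter += 1
        msg = f"{self._counter}|{ip}|{when.isoformat()}".encode()
        local = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]
        self._issued[local] = {"ip": ip, "agent": user_agent, "at": when}
        return f"{local}@{TRAP_DOMAIN}"

    def attribute(self, rcpt_to, sender_ip, when):
        """Called by the trap mail server: links delivered spam to the harvest."""
        local, _, domain = rcpt_to.lower().partition("@")
        visit = self._issued.get(local)
        if domain != TRAP_DOMAIN or visit is None:
            return None  # never issued: a guessed address, not a harvested one
        return {
            "harvester_ip": visit["ip"],      # who crawled the page
            "harvester_agent": visit["agent"],
            "spam_server_ip": sender_ip,      # who sent the mail (often a different host)
            "delay": when - visit["at"],      # time from harvest to first spam
        }


def demo():
    """Two constructed visits; spam later arrives at the second visitor's address."""
    log = HoneypotLog()
    t0 = datetime(2005, 3, 8, 20, 0, tzinfo=timezone.utc)
    a1 = log.issue("192.0.2.10", "Mozilla/4.0 (constructed)", t0)
    a2 = log.issue("198.51.100.7", "ConstructedHarvester/1.0", t0)
    t1 = datetime(2005, 3, 20, 20, 0, tzinfo=timezone.utc)
    hit = log.attribute(a2, "203.0.113.25", t1)
    miss = log.attribute("info@" + TRAP_DOMAIN, "203.0.113.25", t1)
    return a1, a2, hit, miss
```
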

Trekkie101

Posted 08 March 2005 - 06:15 PM

Can you explain how it works, I'm still confused after reading their site, it's not too clear, also explain if I have to do anything. I've registered but need to know more and its site seems confusing.

fieldsfan336

Posted 08 March 2005 - 03:42 PM

I just signed up, it's a fabulous idea!

NilsC

Posted 21 February 2005 - 08:59 PM

A little update on the Honeypot project!

One of my spamtrap MX addresses had its first confirmed spam harvester. This is one of 5 MX addresses that I have supplied to the project. The MX records go onto other users' websites if they would like to host a spamtrap but don't have spare MX records to use. So far over 69,000 Honey Pot Addresses Issued. This sounds like a lot, it's not. What is needed are more websites incorporating the Honeypots on their websites. It's not adding any overhead, just a little disk-space. The spam harvesters come anyway and they do not obey the robots.txt or metatags that you have.

Identified spam harvester - Malaysia

Look at the Honeypot website to see if this is something you can participate in. Click my sigfile to read up on Honeypots :P

Nils

NilsC

Posted 30 December 2004 - 03:13 PM

Very interesting project. I joined and am now scattering the links all over my site.

The idea is great and it's really easy to participate and it doesn't take webspace nor bandwidth much.


It takes a little space, but the spam bots are using bandwidth anyway crawling your pages so why not give them a little poison pill. Welcome to the project (btw I'm just a member I don't work there but I laud the effort)

I know email headers hold sender IP details, what I meant is that there is a need for a technology that can distinguish between offending IP addresses and victimised IP addresses that are used to spam. Right now, I can't think of any such approach which would not involve the collective effort of everyone whose IP address could potentially be hijacked. At the moment, the only way to verify that an IP address has been hijacked is to ask innocent people who see their IP addresses listed as suspected offenders to report their innocence and that is not enough because under the right conditions an offender can plead innocence too.

Honeypot is a great project idea and so far looks very promising but they need to focus on closing all loopholes


Guess I didn't read your post correctly, sorry about that.

I use different techniques to distinguish between offending and victimized IP addresses used to spam. To me victimized computers sending spam is 'still' offending me. :)

As for offending IP addresses I see that the trend is going more and more to using "hijacked" home computers that are configured wrong and can be used as open proxies.

I use the block lists. They have different criteria and are not blocking just known spam sources. I block whole country zones and for USA I block any CIDR /24 or /32 that are marked as "dynamic" by the ISP. A dynamic IP address should not be used to send mail, if you have to send mail from a dynamic address use your ISP server.

I block /24 and /32 from known spammers. There are lists out there listing hijacked IP ranges, open form mail servers in China.
The text inside the code box is injected into the email header when an email fails. If the email fails with only one "RBL" only 5 points are added, if it fails with 2 the points added are multiplied by times failed and if the number is too high the message is either rejected or placed in a 'spam review' folder for review.
If the X-lookup does not match the IP it's a no go.

X-RBL-Warning: mail from 61.11.98.164 refused by DSBL, see http://dsbl.org
    mail from 61.11.98.164 refused by CBL, see http://rcbl.abuseat.org
    mail from 61.11.98.164 refused by Blitzed Open Proxy Monitor List, see http://opm.blitzed.org
    mail from 61.11.98.164 is refused by SpamHaus, see http://cbl.abuseat.org/lookup.cgi?ip=61.11.98.164&.submit=Lookup
    mail 61.11.98.164 refused by spamcop.net, see http://www.spamcop.net/bl.shtml?61.11.98.164
X-Lookup-Warning: MAIL lookup on nrhcwkyynt@medun.acad.bg does not match 61.11.98.164

Nils
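
An added example, not NilsC's filter: it unfolds the header block quoted in the post, counts the distinct block lists that refused the mail, and scores the message. It assumes the rule means 5 points per list multiplied by the number of lists that failed; the `review_at` and `reject_at` thresholds and all function names are hypothetical.

```python
import re

# Header block as quoted in the post; continuation lines begin with whitespace.
SAMPLE = (
    "X-RBL-Warning: mail from 61.11.98.164 refused by DSBL, see http://dsbl.org\n"
    "\tmail from 61.11.98.164 refused by CBL, see http://rcbl.abuseat.org\n"
    "\tmail from 61.11.98.164 refused by Blitzed Open Proxy Monitor List,"
    " see http://opm.blitzed.org\n"
    "\tmail from 61.11.98.164 is refused by SpamHaus,"
    " see http://cbl.abuseat.org/lookup.cgi?ip=61.11.98.164&.submit=Lookup\n"
    "\tmail 61.11.98.164 refused by spamcop.net,"
    " see http://www.spamcop.net/bl.shtml?61.11.98.164\n"
    "X-Lookup-Warning: MAIL lookup on nrhcwkyynt@medun.acad.bg"
    " does not match 61.11.98.164\n"
)
# The wording varies per line ("mail from X", "mail X", "is refused"), so match loosely.
HIT = re.compile(r"mail (?:from )?(\S+) (?:is )?refused by (.+?), see \S+")


def unfold(raw):
    """Group folded header lines: leading whitespace continues the previous header."""
    headers = []
    for line in raw.splitlines():
        if not line:
            break  # blank line ends the header section
        if line[0] in " \t" and headers:
            headers[-1][1].append(line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), [value.strip()]))
    return headers


def score(raw, per_list=5, review_at=10, reject_at=40):
    """Score a message from its warning headers (thresholds are assumed values)."""
    hits, mismatch = [], False
    for name, parts in unfold(raw):
        if name == "x-rbl-warning":
            hits += [m.groups() for m in map(HIT.match, parts) if m]
        elif name == "x-lookup-warning":
            mismatch = True  # "does not match the IP": a no go regardless of points
    n = len({blocklist for _, blocklist in hits})
    points = per_list * n * n  # assumed reading: 5 per list, times lists failed
    if mismatch or points >= reject_at:
        verdict = "reject"
    else:
        verdict = "review" if points >= review_at else "accept"
    return {"ips": {ip for ip, _ in hits}, "lists": n,
            "points": points, "verdict": verdict}
```
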

Dizasta

Posted 30 December 2004 - 03:19 AM

There is a way to detect situations like that. It's used by a lot of companies with their own email servers and it's used by some ISPs (or they use their own version). Emails contain headers - wow what a revelation - :) when you read the headers you can find the IP address the spammer used to mail the spam.  ...
Nils



I know email headers hold sender IP details, what I meant is that there is a need for a technology that can distinguish between offending IP addresses and victimised IP addresses that are used to spam. Right now, I can't think of any such approach which would not involve the collective effort of everyone whose IP address could potentially be hijacked. At the moment, the only way to verify that an IP address has been hijacked is to ask innocent people who see their IP addresses listed as suspected offenders to report their innocence and that is not enough because under the right conditions an offender can plead innocence too.

Honeypot is a great project idea and so far looks very promising but they need to focus on closing all loopholes
