Stop Spam Harvesters - add a Honey Pot to your site

A way to stop spam are identifying the top spam harvesters, and shut them down before they reach your mailbox. The time you get spam at a new email address can vary. If you never give out the address on the Internet and the address are not just a first or a last name you may not see spam for years. If you create a website and put your email address anywhere on the page, eventually it will be harvested by a spam bot.

Munging the address may help, same if you use ASCII characters that will prevent harvesting for a while.

A lot of the block lists used by email providers come from users reporting spam and email hitting spam traps. Project Honey Pot are going one step further by identifying the spam harvesters and bot / spiders they use to crawl over your web-space using your bandwidth stealing your email addresses.

This is achieved by handing out a unique email address to every hit on your spam-trap. If a bot follows the link to the honey pot and harvests the address it will be logged. When an email hits that particular email box a spam harvester are identified.

It’s a few different ways we can help stop the harvesters and help reduce spam. You can host a honey pot on your website or if that is impossible (like it is for me at the present time) you can put a link to the Project Honey Pots website and help educate others. The last way to help is donating MX addresses to the project. The more MX addresses they have the more variety of spam-traps can be created. If you have a domain name that you are not using donate up to 5 MX records for each domain name.

To learn more about the project go to . Stop Spam Harvesters, Join Project Honey Pot

I’m using the button on company web pages and will add a honey pot as soon as an “.asp” script are ready. I have an average of 5000 to 10000 spam per day hitting a email server with less than 200 users. The 50 to 250 that slip through the filters and spam assassin I report.

Nils

 

 

 

Comment/Reply (w/o sign-up)

I think that this project is a great idea and as soon as I get a website running I will sign up for it. I will try almost anything to help stop or at least lower the amount of spamming that goes on. Thanks for the link .

 

 

 

Comment/Reply (w/o sign-up)

ah cool this is great! finally some people trying to stop spambots. I'm gonna donate some MX records to Project Homey Pot, since i've got a .INFO domain i'm not using...

Comment/Reply (w/o sign-up)

Daniel,

I'm using MX records for domains I own and use. I have different mx record for my real email and donated mx records for the honey pot.
This are the real mx records that point to my email server:

• mail.exampledomain.com
• pop3.exampledomain.com
• smtp.exampledomain.com

This are the donated MX records pointing to Honey Pots servers:

• nopop3.exampledomain.com
• nomail.exampledomain.com
• nosmtp.exampledomain.com

Since it's ilegal harvesting email addresses in the US, the records will be used to help lawenforcement officers shut down spam harversters.

If you look at the top 20 list you can see that a lot of the spam bots are collecting the addresses from the same computer that they are sending the spam from (or from the same 0/24 range). The computer may be compromized but if we shudown compromized computers we shut down the spam.

Nils

Comment/Reply (w/o sign-up)

Glad to see that someone is finaly taking action afainst these pests. They do nothing but eat up bandwith and waist valuble time.

Comment/Reply (w/o sign-up)

Thanks for the link. This is a serious problem on the internet. Assinine individuals who would invade your privacy with spyware and harvesters ought to be lined up and shot.

Comment/Reply (w/o sign-up)

[RANT]
spam is a pet peeve of mine... I hate it. I'm an active spam reporter. I use spam-traps with some of my posts. I have not done it on this site yet but there are places I put a email address in my sigfile with text color the same as the background color. Only time that address get email is after a spam bot have harvested a forum or newsgroup.
[/RANT]

[RANT]
If you read into the concept it will not stop spam but it will help identify spam harvesters and their IP address, a lot of times the spam bot are operated on zombie hosts without the knowledge of the user/owner. Some of the larger ISP's are ignorant when it comes to spam bot and don't shut them down when a complaint is filed. One of the excuses are "This is a dynamic IP range and it could have been anyone". (Translation, I'm working the abuse desk and I don't feel like checking the log to see who was assigned that IP address at the time of the complaint!) Or you get an auto-response that don't make sense or has anything to do with the problem you reported. I have reported open proxies and got an email back with the statement that this is not one of our email servers so we are not responsible for the spam, please report it to the proper ... bla bla bla.[/RANT]

When they get a notice from the authorities the response seems to be a lot faster.
Thanks for the interest, be an active spamreporter. It's like hunting Osama Bin ....
Nils

Comment/Reply (w/o sign-up)

i've heard once that most of this spams is made by email provider and spam assassins. you can also have some bux by just spamming. therefore spamming is business not a bad habit. and in my point of view this project honey pot is another good business

Comment/Reply (w/o sign-up)

I'm still online even thou I should have gone to bed

The Honeypot project are like astahost.com a free service by a company that are working to make money.

is the parent company and they have to be in the business of making money.

The inherent problem with things you hear are "they are not first hand knowledge". Most of the income to spammers go to the big spam operations that are sending millions of spam a day. As a added side business they sell email addresses to spammer wannabies<sp> that buy a cd rom and think they can make money.

What spammers do are stealing from all of us, everyone on the internet that pay for the connection are paying the cost. spammers steal bandwidth, who pays for that, your ISP and in the end you pay for it.

The other issue are slow internet connection, if you are on a 56k dialup line and your pop3 email box are downloading 200 spam because you didn't go online for a couple of days. Are you going to be happy that you couldn't surf the net for 1/2hr because the spam downloaded? You can stop the transmission but then you may miss an important email.
What if your rich uncles email telling you to come and pick up a million $ bounced because your email box on the server was over the limit and your ISP bouncesd it.

Is it OK to steal a million $ from 1 person. If you answer no, then is it OK to steal $1.00 from a million people? the sum is the same and they are both wrong.

Nils signing off from Mars.

Comment/Reply (w/o sign-up)

Very interesting project. I joined and am now scattering the links all over my site.

The idea is great and it's really easy to participate and it doesn't take webspace nor bandwidth much.

Comment/Reply (w/o sign-up)