Jump to content

Recommended Posts

Posted

Hey there --

I want to inform about a service called Project Honey Pot. It allows to track and help catch spammers who harvest email addresses from your web pages.

In particular, I like the following tag (placed in <HEAD> section):

<meta name="no-email-collection" value="http://www.unspam.com/noemailcollection" />

(follow the above link for more details)

As far as I'm aware of, this is the first active (as opposite to passive) approach in fighting SPAM (by stopping Spam Harvesters).

You can learn more and sign up for free by visiting:

http://www.projecthoneypot.org

Enjoy!

Posted

This idea's been around for years but it hasn't come to any fruition. It just adds tons of (usually) phoney email addys to the spammers database and in theory will make these databases useless. Years later there's tons more spam and nothing's happened. The ones who suffer most are the ISPs who are unlucky enough to have customers who leave their machines open to be compromised and used as a spam server. These isps get flooded with bouncing fake emails. No skin off the nose of the spammer.

I cannot find anything at www.cauce.org or CERT that recommend it, but there is a letter published by Chris Linfoot, who is probably one of the top experts in spam:

This is new to me but seems like a somewhat flawed idea. It will not stop spam or even slow it down (I do not suppose it is intended to do so directly), though being able to track down address harvesters may be academically interesting.

I think the notion that harvesters are the top of the spam food chain is somewhat naive. The people doing the spamming and more usually selling the spamware, not those harvesting addresses, are at the top of the food chain and most of them are already known - that is what ROKSO is for (http://www.spamhaus.org/rokso/index.lasso).

If you are really looking for startling revelations about the location and identity of spammers, just look at the bottom, right of the Spamhaus home page at the section entitled "Top 10 ROKSO Spammers" - there's about 90% of your spam load right there and I didn't need a honeypot to find out. from: http://www.keithstric.com/article143.html

If you want to cut down on your spam and own a domain, try this:

Don't put your actual email on the webpage, use an alias that redirects to the real email address, and change the alias as spam starts to get to be too heavy. When you reply to a legitimate contact who emails you from your site, be sure your replyto email is the real one. Include a note to contact you at the real email from now on. Then you don't have problems when you switch the alias.

Example: [email protected] >>sends to>> [email protected]

When you get too much spam change it to:

[email protected] >>sends to >> [email protected]

all spam going to tempaddy1@ should bounce

cv

Posted

Also, there is another HoneyPot project - to lure hackers to your server and watch them trying to crack it. Help with developing security systems.

Spammers used to relay through ISP servers ... What was a time ! :-)

but not anymore, its pretty cheap to rent dedicated server at provider's location and use it.

About protection - i saw ppl use "AT" instead of @ in their email address. I think it won't work long enough, just search for AT instead of @, and re-validate adress. simple, right ?

Posted

CSLOXINFO has recently setup a global Spam filter for all their customers.

It is pretty effective at the moment.

In my case trapping around 150 messages per day.

Posted
CSLOXINFO has recently setup a global Spam filter for all their customers.

It is pretty effective at the moment.

In my case trapping around 150 messages per day.

I agree. Only one or two slip through now, compared to hundreds before...

Recent lox incident...

I always pay my lox bill by returning their billing email form and using my cc. No fax, so I use email to do it. I pay ahead for around 6 months, then pay again...

Anyway, I was procrastinating too long and they shut me off on the first of this month. I called them and told them I had no fax, and going to the bank was a hassle that day...

The customer service rep gave me her account info and password to use so I could pay my lox bill.

She could have easily told me there was nothing she could do, but, instead, she went the extra mile and stuck her neck out for a customer. Blew me away, actually.

Say what you want about lox's slow internet, but the people there are great. Over the last 12 years of having an account with them, they have helped me on many such occasions when I was stuck, and the techs have spent hours with me patiently trying to work out my problems...

That's why I've stayed with Lox. Great Service. :o

Posted
CSLOXINFO has recently setup a global Spam filter for all their customers.

It is pretty effective at the moment.

In my case trapping around 150 messages per day.

very well, CS Loxinfo mail server are being banned from some mail servers in EU, I had to write letters to admin that our mail is not spam, just commercial correspondence.

seems like more spam is coming from CS than to ?

Posted

It seems that most responders missed the point of this topic and of the particular purpose of the Honey Pot project. It is not intended to prevent SPAM to enter one's mailbox, but dealing with "email harvesters" that collect email addresses from the web pages.

Also, cdnvic was referring to the point...

This idea's been around for years but it hasn't come to any fruition. It just adds tons of (usually) phoney email addys to the spammers database and in theory will make these databases useless.

It is not true, this project did not add tons of (usually) phoney email addresses. Just read how they operate, and take a look at a link I mentioned above:

http://www.unspam.com/noemailcollection

It is intended to bring the law enforcment to the rescue, as far as I can see.

Yet, I do agree with many other points of cdnvic and people he quoted:

"It will not stop spam or even slow it down (I do not suppose it is intended to do so directly), though being able to track down address harvesters may be academically interesting." And so on...

BTW, the solutions of "email hiding" referred on the Honey Pot pages are more practical. Just take a deeper look, cdnvic.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...