Here's a response to Chris Albert's concerns about Project Honeypot from Matthew Prince, the head of Project Honeypot and unspam.com. He also gives his direct phone number as: 312.543.3046. Matthew's reply address is: phpot-surbl@matthew.unspam.com or you may be able to reply all since I included this on the To: list.
I invited him to join our lists, but expect he may already get plenty of mail.
Jeff C. __
It's a strange thing to have to prove that you're one of the good guys. I've certainly been skeptical of a lot of supposed anti-spam websites that turned out to be nothing more than advertising schemes (for example, I was in part responsible for the FTC's investigation a few months ago of the subsequently shut down EthicalEmail.com site -- you may have heard the ads they were running on the radio about a "private national do not email registry"). It's good to ask questions, and I understand how things could look skeptical.... especially those Google ads.
We've had a running debate all day ourselves about whether we should pull down the Google ads. As you know, we have no control over what ads appear on that site. I have no idea why Google has decided to put up ads for mailers on some of our pages. When we've used Google to serve ads to the News Ticker on our Unspam site they've typically been spam filter companies. Our goal, since our means are modest, has been to simply cover the costs of our bandwidth and servers.
I was really, really surprised myself when the ads that appeared were for marketers. I tried initially to use the AdSense interface in order to block them. If you haven't used it, the way AdSense works is you have to list advertisers one at a time by their URL. There is no way to block an entire category. Unfortunately, enough bulk mailers are using Google's ads that they just kept appearing. I was about to pull the ads from the pages entirely when one of our developers -- who's a lot smarter than I am -- sent me an email saying:
"You know, this is sort of a sweet justice. The bulk mailers are paying to have their ads listed on our site. It's certainly an efficient way to transfer the wealth from the spam community to the anti-spam community. Talk about hitting spammers in their pockets!"
That's clever, I thought. While I'm not ready to say that everyone advertising there is a "spammer" (I don't want to get sued, or get the Google lawyers coming after me for violating the terms of service somehow) the reasoning above resonated and I (so far) decided to leave the ads up. To that end any page where an ad appears we've now added a disclaimer to the bottom. And there's a paragraph in the FAQ about the ads that appear. You can check it out here:
http://www.projecthoneypot.org/faq.php#e
I'm having second thoughts seeing that there's skepticism in the anti-spam community. I'd love your feedback. If people are adamant we should pull down the ads then I definitely will. Otherwise, again, seems like sweet justice.
As far as our "consulting," the people who started Unspam, myself included, are attorneys by trade. We are occasionally -- although rarely -- asked to speak at conferences to talk about the legal risk to companies and individuals that send unsolicited commercial email. That is the extent of our "consulting" practice. I, for example, spoke at Anne Mitchell's ISIPP conference in July and the majority of audience members were bulk mailers. I believe you can actually listen to a copy of my speech from the ISIPP website (http://www.isipp.org/). I was invited by the ITU, a branch of the UN, to speak about why anti-spam laws have failed in Geneva, Switzerland a few months ago. There are several other similar speeches online. For example, you can see a whole video at:
http://otel3.uis.edu/impatica/kmill2/Summit.htm
Click Lunch Speaker. Or, maybe most appropriately, I think there's video floating around from last year's MIT SpamConference where I was a speaker again and talked about the initial ideas that formed the basis for Project Honey Pot.... how, currently, spammers were most vulnerable at the beginning of the "spam cycle," the point at which they are gathering email addresses, but no one was focusing on that. I'm also told that the video from CEAS where I spoke about what we're trying to do with the Project will be available soon through the CEAS website (http://www.ceas.cc/). Watching my talks, you may or may not agree with everything I had to say, but I think it's pretty clear we're not spammers or in any way in support of spammers (or bulk mailers, or list brokers).
A couple of things I think you already know, but maybe it'd be good for the SURBL list to hear. First, we have never taken money from or been hired to consult with any spammer, harvester, bulk mailer, list broker, or ISP. (If our business were primarily consulting, we'd be fairly pathetic failures.) We started Project Honey Pot in order to help governments and individuals investigate, understand, and prosecute the spammers. We saw a problem -- that no one was tracking the entire spam cycle -- and are in the process of trying to solve it. One of the things we realized we could do once we had that infrastructure in place was assist other people in the anti-spam fight. We've already pledged to make the corpus of spam we receive available to anti-spam authors. And, as I've told you, we will turn over the complete list of URLs from the messages that we receive to the SURBL and potentially other open source RBLs.
The point that has been made on the list that spammers will adjust and I'm sure that is true. While today I think the number of IP addresses used for spamming is small, over time more harvesters will use proxies and other tools to obscure their identities. In our initial tests we observed at least a few that appeared to already be doing that. That's not a reason to not do this now, at worst it's just an indictment that we're wasting our time. I don't agree with that and think the Project will prove useful even as spammers adjust to it. But it should be said that I have never believed that we would make much, if any, dent in the overall volume of spam. All I think is that we have a chance to gather a lot more data on the behavior of spammers, to answer some key questions, and hopefully set the stage for someone a lot more clever than me to come up with the idea that will be the final nail in spam's coffin.
I just got a call from Eric Langheinrich, one of the people developers behind the software that makes Project Honey Pot possible, about a bug we're trying to track down and fix in the registration process. I told him people were saying we looked "too corporate." He started laughing and didn't stop until he finally said, "Wow, if they only knew! That's what you get for making a pretty website and including all that legal mumbo jumbo." Maybe that's our sin, but does seem like strange reasoning to say that we must be on the side of the spammers because our site is pretty....
So, with all that, I encourage anyone who wants to sign up to do so; we'd love to have as many website participating as possible. You can do so at:
http://www.projecthoneypot.org/
It's hard for us to prove that we're going to do what we promise because we've only been open for 3 days and, to be honest, have only received one spam message so far. (They're start flooding in soon. Our initial tests show that on average there's about 1 week between harvesting and the first messages to arrive.) If you're skeptical of our intent then I just ask that you give us a chance and wait and see how we behave.
Thanks to everyone who's donated MX entries and installed honey pots. In three days with no publicity other than than emails sent out to friends of ours about the launch we're up to about 50 installed honey pots and over 100 donated MXs. That's more successful than we could have ever hoped. If anyone has a question, you're welcome to email or call me directly and I'd be happy to do what I can to answer it.
Keep fighting the good fight!
Matthew Prince CEO, Unspam, LLC Adjunct Professor of Law John Marshall Law School 312.543.3046 (direct) phpot-surbl@matthew.unspam.com