On Wed, 27 Oct 2004 03:51:40 -0500, Doc Schneider maddoc@maddoc.net wrote:
Jeff Chan wrote ..
Justin Mason mentioned Project Honeypot on the SpamAssassin Users list shortly after they opened things up for public use:
On Monday, October 25, 2004, 1:26:55 PM, Justin Mason wrote:
seems interesting, they plan to share their resulting corpora, and they seem like nice guys too [...]
--j.
I've donated 25 MX records to Project Honeypot so far. It looks like a good project mainly to provide solid data for legal action against spammers, harvesters, zombie deployers, etc. I'd encourage others to do likewise.
Project Honeypot will also share their data with us so eventually we may have another good source of spam URI domains for SURBLs.
What they need now are more people to donate DNS MX records and put up honeypots on their own sites. (The two aspects are separate; you can do either or both if you like.) Their site offers plenty of good explanations about legal, technical, etc. areas of the project:
http://www.projecthoneypot.org
So I'd like to encourage more folks to participate.
Are you guys serious!? Did you look at this page: http://www.projecthoneypot.org/bots_and_servers.php The ads placed there do not look all that encouraging:
http://www.expedite-email-marketing.com/index.htm http://www.l-i-s-t.com/main_site/opt_in_email_lists.asp http://www.classmates.com/cmo/reg/school/index.jsp http://www.definitivedatabase.com/
You almost feel that this must be a joke.
In addition, this company http://www.unspam.com/ http://www.unspam.com/fight_spam/about_unspam/busservices.html :
MARKETING COMPLIANCE
The patchwork of anti-spam laws makes conducting an email marketing campaign risky even for legitimate marketers. Moreover, the proliferation of spam filters can prevent your messages from getting through even to customers who have asked for them. Unspam understands these problems and can help legitimate marketers design email campaigns that are legal and effective.
Finally, I'm not sure about how open they will be about the data received. If they were committed to making the spam coropa public (say daily tarballs), ripped out URLs for XML feeds to SURBL, fed relay IPs in realtime to publically available DNSBLs, and created, say RBLDNSD zone files from harvesting bot IPs, then that would be interesting. However, if the commercial appropraition of open source technology like that used in SpamAssassin or DCC is any indicator I wouldn't count on it.
We do this now, seeding some websites with time/IP-stamped emails. It takes a couple lines of PHP. The distributed idea is nice, but since all the feeds go to one commercial company "run by lawyers and computer scientists" (what a frankensteinian graft!) whose goal is to " help[ing] governments craft effective anti-spam laws and assisting legitimate businesses in complying with them" I dont think I will participate.
I think you guys are making a mistake by participating. We could do this ourselves in a completely open and noncommercial way where the information is available in near real time.
Chris Albert McGill University Network and Communicatins Services