Justin Mason mentioned Project Honeypot on the SpamAssassin Users list shortly after they opened things up for public use:
On Monday, October 25, 2004, 1:26:55 PM, Justin Mason wrote:
seems interesting, they plan to share their resulting corpora, and they seem like nice guys too [...]
--j.
I've donated 25 MX records to Project Honeypot so far. It looks like a good project mainly to provide solid data for legal action against spammers, harvesters, zombie deployers, etc. I'd encourage others to do likewise.
Project Honeypot will also share their data with us so eventually we may have another good source of spam URI domains for SURBLs.
What they need now are more people to donate DNS MX records and put up honeypots on their own sites. (The two aspects are separate; you can do either or both if you like.) Their site offers plenty of good explanations about legal, technical, etc. areas of the project:
http://www.projecthoneypot.org
So I'd like to encourage more folks to participate.
Cheers,
Jeff C.
Jeff Chan wrote ..
Justin Mason mentioned Project Honeypot on the SpamAssassin Users list shortly after they opened things up for public use:
On Monday, October 25, 2004, 1:26:55 PM, Justin Mason wrote:
seems interesting, they plan to share their resulting corpora, and they seem like nice guys too [...]
--j.
I've donated 25 MX records to Project Honeypot so far. It looks like a good project mainly to provide solid data for legal action against spammers, harvesters, zombie deployers, etc. I'd encourage others to do likewise.
Project Honeypot will also share their data with us so eventually we may have another good source of spam URI domains for SURBLs.
What they need now are more people to donate DNS MX records and put up honeypots on their own sites. (The two aspects are separate; you can do either or both if you like.) Their site offers plenty of good explanations about legal, technical, etc. areas of the project:
http://www.projecthoneypot.org
So I'd like to encourage more folks to participate.
I signed up at that site. And will look into doing some of these things also. Hey I am, afterall, a Ninja! 8*)
-Doc
On Wed, 27 Oct 2004 03:51:40 -0500, Doc Schneider maddoc@maddoc.net wrote:
Jeff Chan wrote ..
Justin Mason mentioned Project Honeypot on the SpamAssassin Users list shortly after they opened things up for public use:
On Monday, October 25, 2004, 1:26:55 PM, Justin Mason wrote:
seems interesting, they plan to share their resulting corpora, and they seem like nice guys too [...]
--j.
I've donated 25 MX records to Project Honeypot so far. It looks like a good project mainly to provide solid data for legal action against spammers, harvesters, zombie deployers, etc. I'd encourage others to do likewise.
Project Honeypot will also share their data with us so eventually we may have another good source of spam URI domains for SURBLs.
What they need now are more people to donate DNS MX records and put up honeypots on their own sites. (The two aspects are separate; you can do either or both if you like.) Their site offers plenty of good explanations about legal, technical, etc. areas of the project:
http://www.projecthoneypot.org
So I'd like to encourage more folks to participate.
Are you guys serious!? Did you look at this page: http://www.projecthoneypot.org/bots_and_servers.php The ads placed there do not look all that encouraging:
http://www.expedite-email-marketing.com/index.htm http://www.l-i-s-t.com/main_site/opt_in_email_lists.asp http://www.classmates.com/cmo/reg/school/index.jsp http://www.definitivedatabase.com/
You almost feel that this must be a joke.
In addition, this company http://www.unspam.com/ http://www.unspam.com/fight_spam/about_unspam/busservices.html :
MARKETING COMPLIANCE
The patchwork of anti-spam laws makes conducting an email marketing campaign risky even for legitimate marketers. Moreover, the proliferation of spam filters can prevent your messages from getting through even to customers who have asked for them. Unspam understands these problems and can help legitimate marketers design email campaigns that are legal and effective.
Finally, I'm not sure about how open they will be about the data received. If they were committed to making the spam coropa public (say daily tarballs), ripped out URLs for XML feeds to SURBL, fed relay IPs in realtime to publically available DNSBLs, and created, say RBLDNSD zone files from harvesting bot IPs, then that would be interesting. However, if the commercial appropraition of open source technology like that used in SpamAssassin or DCC is any indicator I wouldn't count on it.
We do this now, seeding some websites with time/IP-stamped emails. It takes a couple lines of PHP. The distributed idea is nice, but since all the feeds go to one commercial company "run by lawyers and computer scientists" (what a frankensteinian graft!) whose goal is to " help[ing] governments craft effective anti-spam laws and assisting legitimate businesses in complying with them" I dont think I will participate.
I think you guys are making a mistake by participating. We could do this ourselves in a completely open and noncommercial way where the information is available in near real time.
Chris Albert McGill University Network and Communicatins Services
On 10/27/04 7:01 AM, "Christopher Albert" wrote:
Are you guys serious!? Did you look at this page: http://www.projecthoneypot.org/bots_and_servers.php The ads placed there do not look all that encouraging:
http://www.expedite-email-marketing.com/index.htm http://www.l-i-s-t.com/main_site/opt_in_email_lists.asp http://www.classmates.com/cmo/reg/school/index.jsp http://www.definitivedatabase.com/
You almost feel that this must be a joke.
I saw that also, and wondered a bit about it. Good concerns.
I think you guys are making a mistake by participating. We could do this ourselves in a completely open and noncommercial way where the information is available in near real time.
I would be one of the first to join, though we did sign up at the honeypot site but now that you bring up your concerns I think I will hold off for a bit and see what it really is all about.
On Wednesday, October 27, 2004, 5:01:13 AM, Christopher Albert wrote:
Are you guys serious!? Did you look at this page: http://www.projecthoneypot.org/bots_and_servers.php The ads placed there do not look all that encouraging:
Those ads come from google. I hardly think google are spammers. Lots of non-spammer pages have google ads.
http://www.expedite-email-marketing.com/index.htm http://www.l-i-s-t.com/main_site/opt_in_email_lists.asp http://www.classmates.com/cmo/reg/school/index.jsp http://www.definitivedatabase.com/
Eric Kolve, author of SpamCopURI, works for classmates.com. Does that mean SpamCopURI is made for spammers?
You almost feel that this must be a joke.
If you read the projecthoneypot.org site (or hear their talk) you'll see that what they're trying to do is build a technical and legal chain from the harvesters through to top spammers like Ralsky, Spamford Wallace, etc. I for one think it would be a lot of fun to see Ralsky sent off to federal prison along with the spammers he uses. That's one joke I'd laugh at.... ;-)
"Why is Project Honey Pot necessary? Anti-spam efforts to this point have generally focused on the tail end of the spam cycle. In order to send out their messages, spammers must gather addresses, procure contracts, send emails, and collect money. Unfortunately, whether through filtering, authentication or enforcement, nearly every solution to this point has tried to stop spammers at virtually the last step: sending messages. Project Honey Pot is an attempt to move earlier in the spam cycle and identify the "King Pin" spammers who sit at the top of the food chain and spend their time harvesting our addresses."
In addition, this company http://www.unspam.com/ http://www.unspam.com/fight_spam/about_unspam/busservices.html :
As far as I can tell Project Honeypot and the unspam company are separate operations. Project Honeypot appears to be 100% anti-spam. It seems very likely that only abusers will be caught in these pots.
Finally, I'm not sure about how open they will be about the data received. If they were committed to making the spam coropa public (say daily tarballs), ripped out URLs for XML feeds to SURBL, fed relay IPs in realtime to publically available DNSBLs, and created, say RBLDNSD zone files from harvesting bot IPs, then that would be interesting. However, if the commercial appropraition of open source technology like that used in SpamAssassin or DCC is any indicator I wouldn't count on it.
They already said they would give us URIs when they reach reasonably large spam volume. "They" being Project Honeypot.
SpamCop is now officially owned by Ironport, but it's SpamCop that gives us sc.surbl.org data freely and openly, not Ironport.
We do this now, seeding some websites with time/IP-stamped emails. It takes a couple lines of PHP. The distributed idea is nice, but since all the feeds go to one commercial company "run by lawyers and computer scientists" (what a frankensteinian graft!) whose goal is to " help[ing] governments craft effective anti-spam laws and assisting legitimate businesses in complying with them" I dont think I will participate.
While I admit government anti-spam efforts almost always fail or backfire, I won't fault these guys for trying to work with them.
Again this is for the unspam company. I don't see Project Honeypot working with governments. In fact I was just having a discussion with Matthew Prince about how to do legal action with the Project Honeypot data but without government funding.
I think you guys are making a mistake by participating. We could do this ourselves in a completely open and noncommercial way where the information is available in near real time.
Chris Albert McGill University Network and Communicatins Services
I think you misunderstand Project Honeypot. It is as open and noncommercial as SpamCop. I fully believe that the people doing it are trying to go after spammers in a potentially very effective and relatively open way. And they're making a definite effort to share their data.
I know some of the people working on this project and I can tell you they're whitehats.
Jeff C. -- "If it appears in hams, then don't list it."
Coments in-line...
On Wed, 27 Oct 2004, Christopher Albert wrote:
Are you guys serious!? Did you look at this page: http://www.projecthoneypot.org/bots_and_servers.php The ads placed there do not look all that encouraging:
http://www.expedite-email-marketing.com/index.htm http://www.l-i-s-t.com/main_site/opt_in_email_lists.asp http://www.classmates.com/cmo/reg/school/index.jsp http://www.definitivedatabase.com/
You almost feel that this must be a joke.
One small clarification needs to be made here. They are clearly using Google to serve ads. Google determine what ads to display based on the content of the page. As the page relates to spam it isn't terrible surprising to see these folks listed. The folks behind the site could spend a bit of time blocking out these advertisers to make the ads more appropriate.
In addition, this company http://www.unspam.com/ http://www.unspam.com/fight_spam/about_unspam/busservices.html :
MARKETING COMPLIANCE
The patchwork of anti-spam laws makes conducting an email marketing campaign risky even for legitimate marketers. Moreover, the proliferation of spam filters can prevent your messages from getting through even to customers who have asked for them. Unspam understands these problems and can help legitimate marketers design email campaigns that are legal and effective.
Finally, I'm not sure about how open they will be about the data received. If they were committed to making the spam coropa public (say daily tarballs), ripped out URLs for XML feeds to SURBL, fed relay IPs in realtime to publically available DNSBLs, and created, say RBLDNSD zone files from harvesting bot IPs, then that would be interesting. However, if the commercial appropraition of open source technology like that used in SpamAssassin or DCC is any indicator I wouldn't count on it.
We do this now, seeding some websites with time/IP-stamped emails. It takes a couple lines of PHP. The distributed idea is nice, but since all the feeds go to one commercial company "run by lawyers and computer scientists" (what a frankensteinian graft!) whose goal is to " help[ing] governments craft effective anti-spam laws and assisting legitimate businesses in complying with them" I dont think I will participate.
I think you guys are making a mistake by participating. We could do this ourselves in a completely open and noncommercial way where the information is available in near real time.
I don't think this project is as bad as you may think it is, but I would certainly support a more open version of the same. If anybody wants to start collaborating on something let me know I can provide some coding and server resources. However, it may make sense to wait a bit and see how the current site evolves before starting a splinter effort.
-- Andy Warner andy@andy.net http://spamvertised.abusebutler.com/
On Wednesday, October 27, 2004, 6:39:49 AM, Andy Warner wrote:
I don't think this project is as bad as you may think it is, but I would certainly support a more open version of the same. If anybody wants to start collaborating on something let me know I can provide some coding and server resources. However, it may make sense to wait a bit and see how the current site evolves before starting a splinter effort.
There's no need to wait. Would Justin and I steer people to spammers? I don't think so. I repeat: they are white hats.
These people have a good idea for stopping spammers which I'm supporting with my MX records.
Jeff C. -- "If it appears in hams, then don't list it."
-
Andy Warner -
Christopher Albert -
David Thurman -
Doc Schneider -
Jeff Chan