[SURBL-Discuss] In support of Project Honeypot

Christopher Albert albert.chris at gmail.com
Wed Oct 27 14:01:13 CEST 2004


On Wed, 27 Oct 2004 03:51:40 -0500, Doc Schneider <maddoc at maddoc.net> wrote:
> Jeff Chan wrote ..
> > Justin Mason mentioned Project Honeypot on the SpamAssassin Users
> > list shortly after they opened things up for public use:
> >
> > On Monday, October 25, 2004, 1:26:55 PM, Justin Mason wrote:
> > > http://www.projecthoneypot.org/
> >
> > > seems interesting, they plan to share their resulting corpora, and they
> > > seem like nice guys too [...]
> >
> > > --j.
> >
> > I've donated 25 MX records to Project Honeypot so far.  It looks
> > like a good project mainly to provide solid data for legal action
> > against spammers, harvesters, zombie deployers, etc.  I'd
> > encourage others to do likewise.
> >
> > Project Honeypot will also share their data with us so eventually
> > we may have another good source of spam URI domains for SURBLs.
> >
> > What they need now are more people to donate DNS MX records and
> > put up honeypots on their own sites.  (The two aspects are
> > separate; you can do either or both if you like.)  Their site
> > offers plenty of good explanations about legal, technical, etc.
> > areas of the project:
> >
> >   http://www.projecthoneypot.org
> >
> > So I'd like to encourage more folks to participate.
> >


Are you guys serious!?
Did you look at this page:
http://www.projecthoneypot.org/bots_and_servers.php 
The ads placed there do not look all  that encouraging:

http://www.expedite-email-marketing.com/index.htm
http://www.l-i-s-t.com/main_site/opt_in_email_lists.asp
http://www.classmates.com/cmo/reg/school/index.jsp
http://www.definitivedatabase.com/

You almost feel that this must be a joke.

In addition, this company  http://www.unspam.com/ 
http://www.unspam.com/fight_spam/about_unspam/busservices.html :

MARKETING COMPLIANCE

The patchwork of anti-spam laws makes conducting an email marketing
campaign risky even for legitimate marketers. Moreover, the
proliferation of spam filters can prevent your messages from getting
through even to customers who have asked for them. Unspam understands
these problems and can help legitimate marketers design email
campaigns that are legal and effective.

Finally, I'm not sure about how open they will be about the data received.
If they were committed to making the spam coropa public (say daily
tarballs), ripped out URLs for XML feeds to SURBL, fed relay IPs in
realtime to publically available DNSBLs, and created, say RBLDNSD zone
files from harvesting bot IPs, then that would be interesting.
However, if the commercial appropraition of open source technology
like that used in SpamAssassin or DCC is any indicator I wouldn't
count on it.

We do this now, seeding some websites with time/IP-stamped emails. It
takes a couple lines of PHP. The distributed idea is nice, but since
all the feeds go to one commercial company "run by lawyers and
computer scientists" (what a frankensteinian  graft!) whose goal is to
" help[ing] governments craft effective anti-spam laws and assisting
legitimate businesses in complying with them" I dont think I will
participate.

I think you guys are making a mistake by participating. We could do
this ourselves in a completely open and noncommercial way where the
information is available in near real time.

Chris Albert
McGill University
Network and Communicatins Services


More information about the Discuss mailing list