A Different Kind of Honeypot Project

Honeypots are excellent tools for preemptive forensic investigation. They let you see what intruders are targeting in your network, monitor their activity, capture their exploits, and more. So when I think of honeypots, that's typically the image that comes to mind. But a new type of honeypot project is aimed squarely at spammers.

Project Honey Pot is a community effort that aims to identify spammers and email address harvesters and put them out of business by eliminating their ability to deliver spam and thus hitting them where it hurts most: in the pocketbook.

The way it works is relatively simple. Web developers insert special code into their Web server platform that communicates with Project Honey Pot servers. The code grabs unique email addresses (tied to the IP address of the Web site visitor) from Project Honey Pot servers that are then inserted into the Web site dynamically. The email addresses of course are spam traps operated by Project Honey Pot. So when robots or people harvest those addresses and mail arrives in those traps, the project can track and identify the spammers.

Project Honey Pot also operates a new blacklist DNS system (called http:BL), similar to those used by email DNS blacklist providers. Web site developers can use Project Honey Pot's API to query the http:BL DNS servers by using a Web site visitor's IP address. The DNS query results reveal whether the visitor is a known harmless search engine robot, a known spammer, or a known email harvester. Code written by the Web developer can then take action based on the visitor's categorization. For example, If the DNS query returns info that says the visitor IP address is that of a spammer, code can prevent the visitor from posting a comment and thus prevent comment spam.

Overall, I think the project is a pretty good idea. Integrating a spam trap into your site isn't incredibly difficult. After you sign up for an account, you can download ready-made code in one of several languages, including Active Server Pages (ASP), PHP, Perl, Python, ColdFusion, and more. You drop the code into your Web site and make a link to it somewhere. If you run Apache, module code is available that you can integrate directly to work with http:BL. You can also donate MX records from your own domains that will be used to create spam traps shared at Project Honey Pot.

So far, the project has identified more than 15,000 email address harvesters and 2.5 million spam servers and currently operates more than 2.2 million spam traps. Last week, the project announced that it has filed a $1 billion lawsuit, the largest antispam suit ever, against spammers for harvesting email addresses and spamming Project Honey Pot members. The suit comes as a result of two years of tracking spammers.

You can read more about the suit at the first URL below (click the days of the week on the left-hand side of the screen to see other recent announcements, including integration information). If you're interested in joining the project, visit the home page at the second URL below, where you'll find a link to register along with links to a FAQ and more.

http://www.projecthoneypot.org/5days_thursday.php

http://www.projecthoneypot.org