The Spam Experiment

Friday, January 07, 2005

Project Honeypot

I just listed my site over at Bloglines. It allows me to track other blogs and stay up to date. It also allows me to show my visitors blogs I'm currently reading.

While visiting Bloglines I found a link to some other spam blogs. One of them described a new anti-spam project called Project Honeypot.

This is an interesting idea.

A HoneyPot is a trap. It is intended to track the hacker, spammer, etc. and report back vital data on their behaviors. Usually in the security world a honeypot would be some sort of decoy computer that is setup to log all activity. It has vulnerabilities hackers are known to exploit. It then allows security officials to track that hacker's behavior. They can build intrusion detection signatures based on their activity. They can track the activity back to the source. They can log the data to help them prosecute the hacker.

In a spam enviornment honeypots usually help track spam. Several vendors have created honeypots to help them get spam and create rules to filter that spam out.

Project HoneyPot is tacking a novel approach to this idea. They give you a special code to put on your web site where you would normally insert an email address. When a spammer visits the site and steals the email address, the address is slightly modified. You might consider it to be "encoded" with special data. Each time the address is displayed it is unique because the encoding on the page.

The encoding allows the people at Project HoneyPot to track exactly when the spammer visited your site and to track the ip addresses used to "harvest" your email address. Many spammers use specially written software programs (Spambots) that surf the internet looking for email addresses to "harvest" and put on their spam lists.

Project HoneyPot will help you track those spammers. They propose to also help you prosecute those spammers and to provide this data to anti-spam vendors.

For example some of the vendors might be able to include these ip address ranges in a firewall or web proxy which allows them to block those spambots from harvesting emails off your web site.

It doesn't help John Doe directly... Because John Doe doesn't have a web site. However if you are a web site owner, blogger, etc. You might want to register for Project HoneyPot.

- Ben
ben@benfitts.com

5 Comments:

Post a Comment

<< Home