Internet · January 4, 2007

Project Honey Pot: Effective way of stopping / trapping Spam Harvesters

Almost everyone using an email account is plagued by hordes of spam mails that flood the inbox every other day. While some services like GMail offer excellent automated spam filters that effectively catch 99% of such spam mails, for many personalised services you have to manually train the spam filter or use your account with services like SpamAssassin, which is a bit tricky for the average user.

The surprising part is that spam seems to pour in the moment one creates a new email address. How do the spammers get to know your address in the first place? Keep in mind that the average internet user visits loads of sites containing forums, content management systems, blogs etc. where one is usually required to sign up for posting. While the email addresses used for signing up aren’t directly revealed to the general public, in many cases the users themselves carelessly leave them in forum posts and blog comments.

Such sites are prime targets for Spam Harvesters, which are automated bots (or robots) that keep visiting the popular sites over and over to try and dig out such email addresses to add them to the spam mail target list.

The time it takes to get the first spam at a new email address can vary. If you’ve never given out the address anywhere on the net and the address doesn’t consist simply of your first or last name, you may not see spam for years. On the other hand, if you create a website and put your email address anywhere on the page, eventually it will be harvested by a spam bot.

There’s no known easy means of stopping such harvesters, and webmasters are always ill at ease about their visitors getting affected by such bots, which can cause a drop in traffic. Probably the only effective way of preventing them is to somehow identify the top spam harvesters and shut them down before they manage to dig out all the emails from your site.

Munging or obscuring your email address may help to an extent but then again, the spam bots have gotten really clever and learnt to see through the munging attempts. It seems like a really frustrating situation with no immediate solutions in sight.

Most of the blacklists used by email service providers are created from users reporting spam and emails hitting spam traps. Project Honey Pot takes this one step further by identifying the spam harvesters and bots / spiders that crawl over your site, using up your bandwidth and stealing your email addresses.

Any bot hitting your spam trap is handed a unique email address. If a bot follows the link to the honey pot and harvests this address, its action is logged along with its IP. The moment an email hits that particular mailbox, a spam harvester is identified and added to the blacklist.

According to the site …

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
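The tagging idea in the quote above can be sketched as follows. This is an added example, not Project Honey Pot's code: the token format, the HMAC tag, the key and the `trap.example` domain are assumptions made for illustration, and the IPs and timestamps are constructed sample values.

```python
import base64, hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"   # assumption: secret held by the trap operator
DOMAIN = "trap.example"         # assumption: domain whose MX points at the trap

def _tag(payload: bytes, key: bytes) -> bytes:
    # Truncated HMAC so a guessed or altered address cannot implicate an innocent IP
    return hmac.new(key, payload, hashlib.sha256).digest()[:6]

def issue_trap_address(visitor_ip: str, ts: int, key: bytes = KEY) -> str:
    """Mint the address shown to one visitor; it encodes who fetched the page and when."""
    payload = ipaddress.IPv4Address(visitor_ip).packed + struct.pack(">I", ts)
    token = base64.b32encode(payload + _tag(payload, key)).decode().rstrip("=").lower()
    return f"{token}@{DOMAIN}"

def attribute(rcpt: str, key: bytes = KEY):
    """Map the recipient of an inbound message back to (harvester_ip, harvest_time)."""
    local, _, domain = rcpt.lower().partition("@")
    if domain != DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:          # not base32 at all: an ordinary or guessed mailbox
        return None
    if len(raw) != 14 or not hmac.compare_digest(raw[8:], _tag(raw[:8], key)):
        return None             # wrong length or bad tag: never issued by this trap
    return str(ipaddress.IPv4Address(raw[:4])), struct.unpack(">I", raw[4:8])[0]

def blacklist_from_mail(recipients, key: bytes = KEY):
    """Harvester IPs proven by mail arriving at addresses only they were shown."""
    hits = {}
    for rcpt in recipients:
        found = attribute(rcpt, key)
        if found:
            ip, ts = found
            hits[ip] = min(ts, hits.get(ip, ts))   # keep the earliest harvest time
    return hits

if __name__ == "__main__":
    # Constructed sample: one page fetch, then mail to the real, a forged and a guessed address
    a = issue_trap_address("203.0.113.7", 1167868800)
    forged = ("a" if a[0] != "a" else "b") + a[1:]
    print(blacklist_from_mail([a, forged, "info@trap.example"]))
```

Only the address that was actually served to a visitor yields an attribution; forged or guessed recipients are ignored rather than blamed on an IP.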

The process is really simple. All you have to do is sign up at their site and they provide you with a script customised for your site. The script is allotted a random name, making it difficult for the spam bots to recognise the same script on different domains.

You have to place this script in a folder that’s directly accessible through the web and add links to this script on your pages. Spambots crawling your site are bound to follow these links and fall into the spam trap, which has been aptly named Honey Pot. This is one of the few ways we can help stop the harvesters and help reduce spam.

An example can be seen if you view the HTML source of this page. It should contain an invisible link to a PHP script called humour.php in a folder named hp. You’re likely to find this link embedded below the content of each post.

You can host a honey pot on your website or, if you don’t own a site, you can display a link to the Project Honey Pot website to help educate others.

Stop Spam Harvesters, Join Project Honey Pot

The last way to help is donating free MX entries to the project. The more MX addresses they have, the greater the variety of spam traps that can be created. If you have domain names that you are not using, you should donate up to 5 MX records for each.

The identified spambots / spam email addresses are collated, processed and shared with all the Honey Pot users. The same data is handed over to law enforcement agencies who track down and prosecute spammers. Harvesting email addresses from websites is illegal under several anti-spam laws, and the data resulting from Project Honey Pot is critical for finding those breaking the law. Additionally, this data is shared with leading anti-spam solution providers to help build better preventive mechanisms against spam.

If you read further into the concept, you’ll notice that this won’t directly stop spam on your site or to your email addresses, but it helps in identifying the spam harvesters and their IP addresses.

Most of the time spam bots are operated on zombie hosts without the knowledge of the owner. Some of the larger ISPs are strangely ignorant when it comes to spam bots and don’t shut them down when a complaint is lodged. One of the excuses is “This is a dynamic IP range and it could have been anyone” (translation: I’m working the abuse desk and I don’t feel like checking the log to see who was assigned that IP address at the time of the complaint!), or you receive an auto-response that doesn’t make sense or has nothing to do with the problem you reported.

However, when they get a notice from the authorities the response seems to be a lot faster 😀

Thus, you not only help yourself but everyone else in the long run.

Sounds good? If you own a domain yourself, what are you waiting for?
