Author: V.Madsen (19 Oct 06 4:09am)
I recently joined the project, and I see that my honeypot has been visited a couple of times (45), but no spam has been received yet.
A bit puzzled by the lack of spam I set up another bogus subdomain with an MX pointing to a custom SMTP-tarpit I'm running elsewhere, and added some hidden email links to the same site that's hosting his project's honeypot. After just a few days, I have started receiving mail on several of the bogus addresses and identified the IPs of the harvesters in question - several of which were unlisted here.
So I think they're starting to become aware of us. Maybe it's time to be more tricky with regards to the MX of the donated domains. I'd be happy to set up an A record that points to the mxmailer, but even that can easily be circumvented if they check the IP of the MX, and not just the name. Having an easy way of setting up some kind of tunnel would be ideal, of course, but that might be a bit tricky for many of us. It would be virtually impossible to filter us out, though. :)