Message Board

Bugs & Development

Older Posts ]   [ Newer Posts ]
 Design Docs
Author: J.Ellinger   (7 Mar 05 1:19pm)
Is there a published set of design thought that explains some of the choices about how the system works?

For example, I think the idea of a different email per request or per IP is flawed because it is so suspectable to simple counter-measures. If I were a spammer, I'd add a rule that says
If I harvest and email that looks randomly generated, fetch it a second time.
If it changes, discard.

I'd like to know the thought/assumptions behind the approach, especially the usage scenerios. Right now, I think that the complexity of the implementation will limit adoption, even by sophisticated developers.

Josh
 
 Re: Design Docs
Author: M.Prince   (7 Mar 05 3:51pm)
Josh --
We don't publicly explain all our backend systems in order to avoid exactly the conditions that trigger certain behaviors. For example, you assumption that we hand out a different email address per page load is incorrect. The rules are more complicated than that and can be adjusted on a honey pot-by-honey pot, visitor-by-visitor basis.

Moreover, the "if it looks randomly generated" criteria is going to be tough to evaluate. Unlike other attempts to track harvesters which generate email addresses that may look like:

157252010251.20050307144339@xyz.internet.com

Ours look much more typical, like:

john.smith@xyz.example.com

A general point is important to note, however. While this is an arms race, Project Honey Pot sits in the position of strength here, unlike with filtering. Any changes harvesters make to avoid our spamtraps create a weakness for them. We can not only adjust our systems to avoid their adaptations, but also broadcast those weaknesses to real sites so they can implements them in order to keep their real addresses safe from harvesters. In other words, if harvesters begin ignoring some addresses I think we can declare a pretty significant victory.

All that said, you are correct: surely some harvesters/spammers will be able to avoid some of our honey pots and spamtrap email addresses. But, over time, it will be very tough to avoid them all. And once one of our addresses is on one of their lists we have a homing beacon which can track their behavior and map their network over time.

Matthew.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email