Author: M.Prince (7 Mar 05 3:51pm)
We don't publicly explain all our backend systems in order to avoid exactly the conditions that trigger certain behaviors. For example, you assumption that we hand out a different email address per page load is incorrect. The rules are more complicated than that and can be adjusted on a honey pot-by-honey pot, visitor-by-visitor basis.
Moreover, the "if it looks randomly generated" criteria is going to be tough to evaluate. Unlike other attempts to track harvesters which generate email addresses that may look like:
Ours look much more typical, like:
A general point is important to note, however. While this is an arms race, Project Honey Pot sits in the position of strength here, unlike with filtering. Any changes harvesters make to avoid our spamtraps create a weakness for them. We can not only adjust our systems to avoid their adaptations, but also broadcast those weaknesses to real sites so they can implements them in order to keep their real addresses safe from harvesters. In other words, if harvesters begin ignoring some addresses I think we can declare a pretty significant victory.
All that said, you are correct: surely some harvesters/spammers will be able to avoid some of our honey pots and spamtrap email addresses. But, over time, it will be very tough to avoid them all. And once one of our addresses is on one of their lists we have a homing beacon which can track their behavior and map their network over time.