Author: M.Prince (30 Aug 06 2:49pm)
Our plan, which is still in the formation stages, is to start putting forms on honey pots and watch who submits to them. Well-behaved web robots don't submit to forms. If we see submissions, we can not only record who is doing the submitting (by their IP) but also what they submit (e.g., what domain they're trying to promote). Just like now sending to a spam trap address labels you a harvester, submitting to a comment spam trap form will soon label you a comment spammer.
This information will get fed back into the HTTP:BL, which we hope to have up and running in the next few months. We're in the process of writing an Apache module that will allow you to query a DNS server and block known-bad robots -- be they comment spammers, harvesters, or whatever. (Dave's in the other room right now typing away on the C code for it.) As you very correctly note, we have a lot of "suspect" IPs that are stumbling across honey pots and doing things like comment spamming, but not harvesting, so we cannot verify they are "bad" yet. The plan is to try and provide as much informaiton on these IPs and allow you, the website admin, to make the choice about who you want to let onto your site.
I'm not sure whether the module/DNS infrastructure will be done before we start tracking comment spammers or not. However, I hope that at some point this fall we hope to have a fairly robust tool for blocking bad guys be they harvesters, comment spammers, or other misbehaving robots. As we get more people installing honey pots, we hope the tool will only grow more robust.
The current plan is to release the module under the GPL, so hopefully people will improve on it and port it to other platforms (like IIS). Again, all of this is still in the formation stages. If you have suggestions, please let us know.