Author: S.Goodman (20 Feb 05 4:27pm)
This would work the great majority of the time, but would have an occassional false positive that would make it harder to use for automated data collection. For instance, any of your correspondents that mistyped a single letter of the local-part of your email address would wind up in the catch-all inbox. My address is sethg@GoodmanAssociates.com, so if someone made the typo sethh@GoodmanAssociates.com, it would go to the catchall account and be considered spam. I suppose that the Project Honeypot tools _could_ notice that the misspelled address was not one that was given out by the honeypot script, but that is extra work.
I assume that the existing scripts do have to look up the local-part for the mail received for each donated sub-domain to figure out what the harvester IP was, so perhaps if the lookup fails, that could be used as an indication of a false positive for this case. Such a script addition would also discard dictionary attack spam against the harvested sub-domain, which would be a pity.
I don't know if Project Honeypot considers addresses with local-part variations as sufficient proof of harvesting or if they require it to be an address that they specifically handed out. IANAL, but it would seem that if the sub-domain is _never_ used except by the honeypot script, that would be sufficient proof of harvesting. Maybe someone with legal knowledge could address this.