Frequently Asked Questions (FAQ)

Question Categories

About Project Honey Pot

What is Project Honey Pot?
Project Honey Pot is a distributed network of decoy web pages website administrators can include on their sites in order to gather information about robots, crawlers, and spiders. We collate data on harvesters, spammers, dictionary attackers, and comment spammers. We make this data available to our members in order for them to protect their websites and inboxes.
Why is Project Honey Pot necessary?
Each day, thousands of robots, crawlers, and spiders troll the web. Website administrators have few resources in order to tell whether a visitor to a site is good or malicious. Project Honey Pot was created in order to provide this information to website administrators in order to help them make informed decisions on who to allow onto their sites.
Does joining Project Honey Pot cost anything?
No. There is no cost to join Project Honey Pot. By "no cost" we mean not only no fees, but also no indirect costs from spyware installation or any of the garbage some services try and pull. This is a community-based project to benefit the entire Internet community. If the service is useful to you, and you're in a position to help fund Project Honey Pot, we always welcome donations.
What is a "harvester"?
A harvester is a computer program that surfs the internet looking for email addresses. Harvesting email addresses from the Internet is the primary way spammers build their lists. Harvesters must connect to the Internet through an IP address. Project Honey Pot publishes the list of the top IP addresses used by harvesters.
What is a "spam server"?
A spam server is the computer used by a spammer in order to send messages. A substantial percentage of these computers do not belong to the spammers themselves, but instead are "zombies" compromised by viruses or other malware. Project Honey Pot publishes the list of the top IP addresses used by spam servers.
What is a "dictionary attacker"?
In addition to harvesting, spammers also use a technique known as a dictionary attack in order to find new email addresses. A dictionary attack involves making up a number of email addresses, sending mail to them, and seeing what is delivered. Dictionary attackers typically send to common usernames. A username is the part of the email address before the @ sign. Project Honey Pot publishes a list of the most common usernames dictionary attackers target. Project Honey Pot also publishes the list of the top IP addresses used by dictionary attackers.
What is a "comment spammer"?
Comment spammers do not send email spam. Instead, comment spammers post to blogs and forums. These posts typically include links to sites being promoted by the comment spammer. The purpose of these links is both to drive traffic from humans clicking on the links, as well as to increase search engine rankings which are sometimes based on the number of links to a page. Project Honey Pot publishes a list of the top URLs, domains, and keywords being promoted by comment spammers. Project Honey Pot also publishes a list of the top IP addresses being used by comment spammers.
Jump back to top

Account Questions

How do I sign up for Project Honey Pot?
Anyone can sign up for Project Honey Pot for free. Click here to create an account. You'll be asked for some basic information and can be up and running in a matter of minutes.
How much does it cost?
Project Honey Pot is completely free. In order to stop spammers we need as many websites as possible to participate in the Project. If you know other people who would be interested in participating we hope you'll refer them.
Can I sign up for more than one account?
We'd prefer you only sign up for a single account. However, you're welcome to manage multiple websites under a single account.
What do I do if I've forgotten my password?
If you've forgotten your password we can reset it for you.
What do you do with my personal information?
Our overriding principle is that the little bit of personal information we ask you for in order to create an account is sacrosanct. We will never sell, rent, or otherwise share it without your permission. Our goal is to stop spam, not create more. For more information, please see our privacy policy.
Why do you ask for my zip/postal code and country?
Different jurisdictions throughout the world have different regulations on spam. For example, in the United States several individual states have passed laws regulating spam and harvesting. We ask for your zip and postal codes in order to get a sense of the particular anti-spam laws that protect you. If you don't want to tell us your postal code, we understand. Instead just enter 00000 or XXXXX or a very short poem or something.
Are all services available to account holders?
Most services are available to account holders immediately after they sign up. Some services offered by Project Honey Pot require that you be an active participant. For example, you may need to donate an MX record or install a Honey Pot before you are allowed to take advantage of some services.
Jump back to top

Installing A Honey Pot On Your Site

What is a honey pot page, and what does it look like?
We distribute Project Honey Pot spam trap addresses and other traps through honey pot pages installed on your site. These pages include a legal disclaimer as well as an email address. We mix up the page contents in order to ensure they are difficult for spam spiders to recognize. However, you can see a general example of what these pages look like here (the example page will open in a new window).
Are the spam trap addresses displayed on my honey pot unique?
Yes. The spam trap addresses are not only unique to your honey pot, they are also unique to each visitor to your honey pot. As a result, when we receive a message at a honey pot address your site displayed, we can not only tell when it was harvested, but also the IP address of the spider that harvested it.
Are spam trap addresses the only things displayed on a honey pot page?
No. We include some legal text forbidding certain malicious behavior. This text is randomized from honey pot to honey pot to make it difficult to identify. Depending on the visitor to the honey pot, we may also include links, forms, or other HTML elements in order to test the visitor.
I can't see any spam trap addresses when I visit my honey pot, is it working?
We try and hide the spam trap addresses from human visitors to honey pot pages. If you see the legal text then your honey pot has been activated and is working. If you see a target and message, follow the instructions in order to activate your honey pot. Importantly, don't forget to include links to your honey pot from your website's pages once you have finished installing your honey pot.
What does a Project Honey Pot spam trap address look like?
Hopefully just like any other email address. While we can map each spam trap address to the date, time, and IP address of a spam spider harvesting your website it's extremely difficult for a sender to tell which addresses in their list are traps.
How does a honey pot catch comment spammers?
In addition to including specially tagged spam trap addresses, some honey pots also include special HTML forms. Comment spammers are identified by watching what information is posted to these forms.
I run a corporate network, can you customize the look of the honey pot I install on my site?
Yes. On typical honey pots we include legal text which generally forbids malicious behavior. If you run a large network, we would be happy to customize the look of honey pots you install in order to ensure your corporate counsel signs off on their installation. Please contact us if you are interested.
If I add a honey pot to my site, will spam trap addresses it displays look like it comes from my domain?
That depends. If you donate an MX entry from your domain to Project Honey Pot you can specify that the spam trap addresses displayed on your site only contain that domain. If you do not donate an MX entry then the spam trap addresses created for your site will use "public" domains other users have donated. In this case, the spam trap address will not contain your domain.
Won't I get more spam if I put a honey pot on my site?
No way. You won't receive any more spam as a result of adding one of our honey pots to your site. Any email sent to the spam trap addresses we distribute will be received directly by our servers. Since we share the information about what IP addresses are malicious you can block these from visiting your site.
Will adding a honey pot to my site increase the load on my network?
It shouldn't increase your network load much at all. Spam sent to one of our spam trap addresses goes directly to our servers and never passes through your network. Honey pot pages are small and fairly quick to load. If installed correctly, human beings should rarely visit the pages that include honey pots, meaning that your average user won't notice anything different about your site after you install honey pots on it.
Are there ways to protect the real email addresses displayed on my site?
The Project Honey Pot spam traps will help you track the robots trying to steal email addresses from your website. You can protect the email addresses you need to display on your site by using some techniques to hide them from these robot email harvesters. To learn more, visit our tutorial on "How to Avoid Spambots."
Can any site add a Project Honey Pot honey pot?
Many can, but not all. Honey pots can be added to most websites that support dynamic content and scripting languages. To install honey pots on your site, you will need the authority to install executable programs on the server hosting your site (e.g., access to the cgi-bin directory). We currently offer direct support for websites built with PHP, Perl, mod_perl, ASP, Python, ColdFusion, SAP Netweaver BSP, and Movable Type (v.2.6+, you can get more information about our MT plugin here). We generally publish our script software under the GPL. If there's a solution we don't support, but you know how to make it work, drop us a line. We are always looking for ways to bring Project Honey Pot to more websites.
I don't have the ability to install software on my site, but I still want to help?
No problem. While we especially value every honey pot that is installed, we know that many people who want to help run sites on services that do not allow the installation of software (e.g., Blogger, Typepad, Facebook, etc.). You can still help by including QuickLinks to others users' existing honey pots. To learn more, see the QuickLinks FAQ below.
Is there technical support available to help installing Project Honey Pot on my site?
Unfortunately, it's impossible for us to offer official tech support. This is a project to benefit the community; it generates only a meager budget through ads and monetary donations. As a result, we need to keep costs down. We do provide a Message Board on our site where newbies can ask questions of current participants in Project Honey Pot. If you're having trouble installing honey pot addresses on your site, you might want to look there.
Jump back to top

Including QuickLinks

What are QuickLinks?
QuickLinks are a quick and easy way for anyone who can post to a website to help trap malicious web spiders. We have found that the best honey pots installed online are the ones with the most in-bound links to them. QuickLinks allow users who may not be server administrators to still participate in Project Honey Pot simply by including a link on the pages they post to.
Can anyone install a QuickLink?
Anyone who has the ability to post to a website can install a QuickLink. QuickLinks are perfect for bloggers or other users of services like Typepad who maintain websites but don't administer the underlying server. We prefer you install a full honey pot if you are able to. But, if you cannot, you can still help by including QuickLinks on your websites.
How many QuickLinks am I issued?
Every user is only issued a single QuickLink. You can, however, include this one QuickLink on as many sites as you want.
How do I make sure real people don't click on the QuickLinks I include on my pages?
Instructions on how to hide QuickLinks from human visitors are provided on your QuickLinks page. We encourage you to be creative and use HTML, CSS, and Javascript to hide your QuickLink so it is not seen or followed by human visitors but still seen by the robots who visit your site.
If I install a QuickLink, can I still see the statistics for the spiders I've helped identify?
Yes. Each QuickLink we issue is unique and tied to your account. You will see information about all the spiders you help trap.
I don't want people to QuickLink to my honey pot, how do I stop them?
You can choose whether to make a honey pot you have installed sharable during creation. If you choose not to share your honey pot, it will not be included in the pool used to generate QuickLinks for other users.
Help! I just checked and my QuickLink doesn't point to a honey pot anymore?
Very rarely a honey pot may be taken down by its user. If this happens, any QuickLinks pointing to that honey pot will no longer be valid. Login to your account and visit the Manage QuickLinks page in order to be issued a new QuickLink.
Jump back to top

Donating An MX Record

What does it mean to donate an MX entry to Project Honey Pot?
In terms of action on your part, donating an MX entry involves simply changing a setting in your domain's DNS record. Specifically, to donate an MX entry you simply need to add an MX entry to your DNS record such that the donated domain or subdomain points to the Project Honey Pot mail servers. After registering with Project Honey Pot our system can walk you through the exact changes you need to make.
Can anyone donate an MX entry to Project Honey Pot?
You can only donate an MX entry to Project Honey Pot if you own a domain and are able to add MX entries to its DNS record. Even if you cannot donate a domain, you can still add a honey pot to your site or include a QuickLink on your pages.
Why should I donate an MX entry for my domain to Project Honey Pot?
In order for our spam trap addresses to be as effective as possible, they have to be hard for a spammer to distinguish from otherwise valid addresses. By getting the Internet community to contribute their addresses, our pool of available domains from which to create honey pots increases. As the pool increase, the chance a spammer will be able to distinguish honey pot addresses from otherwise valid addresses decreases.
Will donating an MX entry from my domain affect my existing email?
It need not affect any existing email. We suggest donors who are currently using their domain for other purposes create a MX entry specific to a subdomain. Email sent to your overall domain, or another subdomain, will still be directed to your mail server as before. Only addresses under the donated subdomain will become honey pots. For example, imagine you control the domain EXAMPLE.COM and you donate the MX entry for the subdomain CATCHEM.EXAMPLE.COM. Mail sent to existing accounts, such as YOU@EXAMPLE.COM, will still go through as before. On the other hand, honey pot addresses, like HONEYPOT@CATCHEM.EXAMPLE.COM, will be sent directly to us. This way your existing email addresses are unaffected, and there is no additional load placed on your network.
When choosing the subdomain or domain to donate, please keep in mind that the donated domain or subdomain may become unusable for mail receipt if it is withdrawn after participation in Project Honey Pot. Therefore when donating you should choose a domain or subdomain that you do not intend to use for mail receipt in the future. Additionally, it is important you only donate domains or subdomains that have never been used for email in the past.
Will donating an MX entry from my domain affect web traffic to my site?
Nope. The DNS MX entry only affects email to the subdomain you donate. Other web traffic will still be routed to your site as it was before.
Can I donate an MX that is already receiving spam?
Please try not to. In order for us to ensure the integrity of our data we need the domains we use to construct email addresses to be "virgin." If you have a domain that is already receiving spam, you can still donate the MX of a subdomain under it. For example, if EXAMPLE.COM is receiving spam, you're still welcome to donate HPOT.EXAMPLE.COM, so long as the donated subdomain has never been used for mail previously.
Is it difficult to donate an MX entry for a domain of mine?
We've tried to make it as easy as possible. You need to have access to the DNS records controlling your domain and be able to create new MX entries. Assuming you meet these criteria, it is relatively easy. The first step is to visit our website and select the option to donate your MX entry. We will provide you instructions from there on how to add an MX entry to your DNS file. The whole process should only take you a few minutes.
What's the maximum number of MX entries I can donate per domain?
We limit the number of MX entries donated per domain to a total of five (5). Again, our goal is to ensure that spammers cannot figure out any pattern to our spam trap addresses. We fear that allowing more than five MX entries donated per domain could compromise that goal.
What is the difference between private and public MX entry donations?
When you donate an MX entry to Project Honey Pot we allow you to designate it either a public or private donation. If you designate your donation as private, only honey pots you create with the same account will be allowed to hand out honey pot addresses with the domain. On the other hand, if you donate the MX entry as public, any member of Project Honey Pot will be able to benefit from your donation. We prefer public donations to private donations.
Can I display on my site's honey pots only spam trap addresses created from my own donated domain?
Absolutely. Whether you initially mark your donation as public or private, when you choose the specifications of the spam trap addresses that will appear on your honey pot page you can designate that only the domains you have donated will appear.
Can I revoke or change the donation of an MX entry?
Of course, at any time you want. While we hope you'll continue to allow us to use your donation to catch spammers, if you decide you need your registered MX entries for something else, or you simply don't want to be a part of Project Honey Pot anymore, you can always revoke your donation. You can do this by deleting the MX entry pointing to our servers from your DNS server. The only thing we ask is that, if possible, when you revoke your donation you let us know by logging into your Project Honey Pot account and indicating the MX entry should no longer be included in our pool of available domains.
If I revoke a donation, what happens to the addresses that were already distributed?
They will bounce back to the spammer just like any other inactive email address. While we won't be able to track what spammers are abusing them anymore, their bounces should not create significant harm to the network.
Is there technical support available to help me donate an MX entry?
Unfortunately, it's impossible for us to offer official tech support. This is a project to benefit the community; it generates only a meager budget through ads and monetary donations. As a result, we need to keep costs down. We do provide a Message Board on our site where newbies can ask questions of current participants in Project Honey Pot. If you're having trouble donating an MX entry, you might want to look there.
Do I have to install a honey pot on my site in order to donate an MX entry?
Absolutely not. We need as many MX entries as we can get. We encourage you to donate an MX entry for any domain you control, even if you don't include a honey pot on your site.
Do I have to donate an MX entry in order to install a honey pot on my site?
Nope. While we encourage you to donate because every MX entry donated makes Project Honey Pot more effective, you do not need to donate an MX entry in order to install a honey pot on your site.
Jump back to top

Using http:BL

What is http:BL?
Http:BL is a way for website administrators to take advantage of the data generated by Project Honey Pot and keep malicious or suspicious IPs off their websites. The service works by publishing DNS records for IPs we have seen conducting suspicious or malicious behavior online. Website administrators can then use this data in order to restrict access to their web servers for these IPs.
Is this another DNSBL for mail servers?
No. Http:BL reports on IP addresses used by harvesters, comment spammers, and other suspicious robots visiting web pages. It does not include the IP addresses of the mail servers used by spammers. There are lots of great mail server DNSBLs out there, including those maintained by Spamhaus, SURBL, Spamcop, etc. We are not trying to recreate the wheel.
Can anyone use http:BL?
You need to have an account and an access key in order to use http:BL. To be granted an access key you must be an active participant in Project Honey Pot. Qualifying as an active participant is easy: simply install a honey pot, donate an MX record, or refer people to the Project Honey Pot website. We operate on the community-based principle that those people who contribute to a service should be the ones who benefit from it.
I am a web administrator, how can I take advantage of http:BL?
We have created an Apache module that automatically queries http:BL when visitors arrive at your website. The module allows you to block access to your site, or otherwise restrict the content served back to visitors, depending on whether they have been identified as suspicious or malicious by Project Honey Pot. You can download a copy of the Apache module from our http:BL downloads page. The module is published under the GPL open source license. We encourage developers to contribute enhancements to the code.
Do you support other web servers than Apache?
The http:BL service is platform agnostic, however we currently only have a module to take advantage of the service for Apache. Over time, we expect other applications to be developed around the http:BL service, including modules and plugins for other web servers, and we encourage developers interested in doing so to contact us.
I'd like to build an application around http:BL, is that possible?
We enourage you to do so. We have published an API with the details of how http:BL queries work and what the responses mean. All users of your application must still have an access key. If your application will generate significant load, please contact us before allowing the public to access it.
I'd prefer to download your zone file rather than query your DNS servers, is that possible?
We encourage high-traffic users to download the http:BL DNS zone file to their local DNS server rather than querying against our servers. The zone file can be RSYNCed on a regular basis. If you are interested in this service, please contact us.
Where can I find my API key?
Your API key is found on the top left of your Project Honey Pot Dashboard. It will be the first line under "Your Stats". Alternatively you can find it here.
If I have more than one website, do I use the same Access Key on all of them?
Yes, you certainly can.
Jump back to top

Whitelisting

What is the "Whitelist Delay" or "Whitelist Penalty"?
The "Whitelist Delay" or "Whitelist Penalty" is a delay applied to the amount of time that an IP whitelist request remains pending. This delay increases everytime a whitelisted IP is delisted due to detected bad activity. The delay starts at 5 seconds and scales up after each delisting.
Jump back to top

Monitoring Your IP Space

How can I monitor my IP space?
Project Honey Pot allows owners of IP space to monitor for any malicious behavior happening on the IPs they control. The free service reports any harvesting, spamming, dictionary attacking, or comment spamming we observe occurring within your IP space. This service is intended for ISPs, ESPs, and other companies with large blocks of IP space.
How much does it cost to monitor my IP space?
We allow basic monitoring for free, however you must be an active Project Honey Pot user. Basic monitoring include one range up to 256 IP address, 5 individual IPs, or the IPs under one AS Number. If you need to monitor more IP space, please contact us.
What is the trial period?
Project Honey Pot users may begin using the monitor services for a 30-day trial period. At the end of that period, the services will continue to function so long as the user is an active participant in Project Honey Pot. Qualifying as an active participant is easy: simply install a honey pot, donate an MX record, or refer people to the Project Honey Pot website. We operate on the community-based principle that those people who contribute to a service should be the ones who benefit from it.
How will you notify me if someone is using my IP space to conduct malicious activities?
You can choose to receive alerts to your email address whenever malicious activity is detected from your IP space. Additionally, all reports of suspicious activity occurring from your IP space will be reported on your personalized monitoring page.
How quickly will you notify me after you see suspicious activity?
Monitoring reports are issued automatically by the system. These reports are processed several times a day. The lag time between the suspicious activity taking place and our notice being sent to you should never be longer than 24 hours.
Jump back to top

Miscellaneous Questions

Why are you advertising "spammers" on your website?
On select pages throughout our site we place advertisements served by a third party provider. We have very little control over what ads are displayed. These ads very occasionally are for bulk mail services or other products that may seem surprising. Please remember that an ad appearing does not necessarily mean Project Honey Pot endorses the product being advertised. Undoubtedly, many of these advertisers are legitimate bulk mail providers who follow good emailing practices. Some, however, may be spammers. Some may even be harvesters. Regardless, remember this: they are paying to have their ads on our site. Our belief is that if they want give us their money in order to offset the costs of bringing this service to you for free, that's fine with us. If you see an ad that you don't think should appear, please let us know and we'll add it to our blocked list.
Do you support IPv6?
Not at this time.
Can I join Project Honey Pot if I live outside the United States?
Yes. Spam is an international problem and we need to work together in order to fight it. Anyone is welcome to join Project Honey Pot. We're happy to work with your local law enforcement in order to track down spammers who are abusing your network resources, please don't hesitate to put them in touch with us.
We already have members from more than 100 countries around the world. To see a list of the countries where we currently have members, click here.
Can I join Project Honey Pot if I live inside the United States?
Um... yes.
Can I refer a friend?
Absolutely!
Do I get anything for referring a friend?
The more people who you refer to Project Honey Pot, the more we increase your karma score. A higher karma score allows you use of more of Project Honey Pot's services. You can also increase your karma score by donating an MX, installing QuickLinks, or, most of all, installing a honey pot.
Can I get a tax deduction for my MX entry donation?
Probably not. But check with your accountant and local tax authority. And, if you pull it off, let us know.
Does Project Honey Pot support Open Source development?
Yes! We want as many developers as possible to help with this project. We use Open Source software and, where possible, have licensed the software that we've developed under the GPL. If you want to contribute to Project Honey Pot, drop us a line and we'll get you involved.
Jump back to top

Finding More Information

If the above FAQ does not answer your specific question, please visit our Message Board where you can find more information and post questions for experienced Project Honey Pot users to answer.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | CloudFlare Site Protection | Contact Us

Copyright © 2004–14, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email