 Fundamental Problem?
Author: P.Grigor   (22 Nov 06 9:58am)
Not to poo-poo the honeypot concept, but what's stopping spammers from simply detecting the *honeypot* mail exchangers (which can easily be determined by signing up to Project Honey Pot, making a dummy page and detecting the mx server forwarded to) and putting these on a "no mail" list? For example, it seems that one domain used is mxmailer.com. Why can't spammers simply "blacklist" this domain? True that you would still detect pages crawled, but that hardly constitutes harvesting activity. Both Googlebot and Yahoo's crawler have slurped up my honeypot page.

It would seem to me that, in order for the concept to be successful, individual mail recipients (i.e. people that donate an MX entry) would need to generate random email addresses then receive the spam email directly and report back to the honeypot project, otherwise the central nature of the project would compromise its efficacy.

Am I missing something here?
 
 Re: Fundamental Problem?
Author: M.Nordhoff   (28 Nov 06 7:29am)
The spammers could also check the IP of the mail server. PHPot only uses a few. It's a known problem, but there's not much that can be done about it. PHPot doesn't want people running their own mail servers and forwarding mail to PHPot because that isn't totally trustworthy.

I think they've said that spammers aren't doing that detecting yet, though.

- Matt, but not the one who works on PHPot.
 
 Re: Fundamental Problem?
Author: M.Prince   (29 Nov 06 12:30pm)
Yep, it's a weakness. We do some things to spot it:

- We rotate our mail server IPs occasionally and watch what happens. If spammers were filtering based on the deliver-to IPs then we'd expect a temporary increase in volume after such a rotation. When we have done that we haven't seen such an increase.

- We have some domains that use non-standard MXs. They are handed out too. We monitor the volume of spam they get compared with standard MXs. So far, statistically, there is not a difference.

- We are working on increasing both the number of in-bound IPs and in-bound MXs. There will always be a finite number, but our hope is that we can spread them around a bit more in order to make it challenging for spammers to figure them out. This is something we have in process right now.

In a weird way, if we did find that spammers were filtering based on an MX or even a deliver-to IP then we'd have a new tool to stop spam. We'd quickly just set up a forwarding service and you could route your legitimate mail through us -- stopping a bunch of spam without any risk of false positives. Again, we haven't seen any evidence that such filtering is happening now, but I harbor no illusion that it won't happen at some point in the future.
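The two monitoring checks described in the reply above (volume after an IP rotation, and standard versus non-standard MXs) both reduce to asking whether a "fresh" group of honeypots receives significantly more spam than a "baseline" group. The following is an added example, not Project Honey Pot's code: the function names are hypothetical and the per-address daily counts are constructed for illustration.

```python
from itertools import combinations
from statistics import mean

# Constructed sample data: spam messages per honeypot address per day.
STANDARD_MX = [41, 38, 45, 40, 37, 43, 39, 42]      # well-known MX hosts
NONSTANDARD_MX = [40, 44, 36, 42, 39, 41]           # rarely handed-out MX hosts
FILTERED_STANDARD = [12, 9, 14, 11, 10, 13, 8, 12]  # what filtering would look like

def permutation_p_value(baseline, fresh):
    """Exact one-sided permutation test.

    Returns (observed, p) where observed = mean(fresh) - mean(baseline) and
    p is the share of all relabelings whose difference is at least as large.
    Exact enumeration is only practical for small groups like these.
    """
    pooled = list(baseline) + list(fresh)
    n, k = len(pooled), len(fresh)
    total = sum(pooled)
    observed = mean(fresh) - mean(baseline)
    hits = count = 0
    for idx in combinations(range(n), k):
        s = sum(pooled[i] for i in idx)
        diff = s / k - (total - s) / (n - k)
        hits += diff >= observed - 1e-12  # tolerance for float rounding
        count += 1
    return observed, hits / count

def filtering_suspected(baseline, fresh, alpha=0.05):
    """True if the fresh group gets significantly MORE spam than the baseline,
    which is what spammer-side filtering of known MXs or IPs would produce."""
    observed, p = permutation_p_value(baseline, fresh)
    return observed > 0 and p < alpha

if __name__ == "__main__":
    for label, base in (("no filtering", STANDARD_MX),
                        ("filtering", FILTERED_STANDARD)):
        obs, p = permutation_p_value(base, NONSTANDARD_MX)
        print(f"{label}: diff={obs:+.2f} p={p:.4f} "
              f"suspected={filtering_suspected(base, NONSTANDARD_MX)}")
```

For the rotation check, pass pre-rotation daily volumes as `baseline` and post-rotation volumes as `fresh`.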


