Message Board

Newbie/Basic Questions

Vulnerable list of honey pot mail domains

Author: K.Yee (21 Nov 04 5:24pm)

Presumably the script you provide to generate honey pots either contains the list of honey pot mail domains, or retrieves the list somehow from the central project site. In either case, can't a spammer just get a copy of the script by signing up as a user of Project Honeypot, acquire the list, and filter out these honey pot addresses from their lists of harvested addresses?

Re: Vulnerable list of honey pot mail domains

Author: M.Prince (21 Nov 04 5:37pm)

The honey pot scripts contact our servers each time they hand out an address. There is no information that would be useful to a harvester contained in the script itself. Harvesters could still sign up for the Project and get a handful of the domains we use to construct honey pot addresses. However, we have several measures in place which would make it very difficult to collect anything close to a complete list. Moreover, every day our users are generously donating more and more MX entries with which we can construct honey pot addresses.

If we get popular enough I'm sure that spammers will make some effort to remove honey pot addresses from their lists. They will, no doubt, have some success at doing this. However, unless they can remove each and every address we'll still have the technological equivalent of a homing beacon following their every move. It's an arms race, but unlike filtering, it's an arms race where the anti-spam community is in the position of strength and the spammers are forced to constantly play defense.

Thanks for your interest in Project Honey Pot.