Message Board

Tracking Harvesters/Spammers

Older Posts ]   [ Newer Posts ]
 Can I view copies of the spam I catch?
Author: J.White5   (16 Aug 07 9:31am)
I have a number of honeypots set-up on UK based sites I own.

When I catch UK harvesters, I'd like to have a crack at taking them to court, as Nigel Roberts did. (See http://spamlegalaction.pbwiki.com/)

Is there any way I can gain access to copies of the spam I've caught, along with the message header?

Thanks,
Jon
 
 Re: Can I view copies of the spam I catch?
Author: M.Prince   (19 Aug 07 12:04pm)
We archive the copies of the spam on the mail servers that receive the messages, and then on a compressed backup server. None of these machines are web accessible, so our current architecture does not allow us a mechanism to easily display the messages of the spammers you help catch. Some information about those messages is relayed on to the database server and can be pulled up from there on one of the web servers (e.g., the subject line, the from line). It would be a major rearchitecturing to provide a mechanism to look at the messages themselves. While I'd love to do it, we're barely holding the wheels on right now with the resources we have. I don't anticipate throwing the messages themselves into a database and making that database accessible is something that we'll be doing any time in the short run.
 
 Re: Can I view copies of the spam I catch?
Author: M.Prince   (19 Aug 07 12:07pm)
By the way, we'd be happy to help you go the other way. In other words, if you receive a spam message on your own machine, you can look up the IP of the sending server on our site and use that to determine the associated harvesters. If you do file a court action, we'll be glad to help round up data from our feeds in order to help you quantify the harm the potential harvester has done. It's not that we toss the data, it's just that it's not currently stored in a way that make it easy to lookup quickly. Make sense?
 
 Re: Can I view copies of the spam I catch?
Author: P.Hauser   (20 Aug 07 3:55am)
M.Prince wrote on (19 Aug 07 12:07pm):

"[...]In other words, if you receive a spam message on your own machine, you can look up the IP of the sending server on our site and use that to determine the associated harvesters.[...]"

---

Check for that my comments e.g. for IP 213.27.99.203. This works even within a CIDR 213.27.99.0/24 range:

You receive a SPAM in this example from an IP 213.27.99.152. You look for the IP here and receive here a response with some more IPs in the neighborhood and some harvester addresses.

Then you put all your "ancient", whatever is left, apache-logs into a separate directory and do a grep for the CIDR/24-range of the honeypot claimed harvesters or even the claimed mail-server CIDR /24-ranges.

Would be grepping with a regex something like (^208\.66\.195\.) in this example here for the claimed harvesters and there you're done ...

Hth

Post Edited (20 Aug 07 5:10am)



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email