Author: M.Prince (4 Aug 06 12:16pm)
Wow. I'm going to have to change your username on the Board to Dr. Grumpy! ;-)
1. You are absolutely correct: we do share the data with some companies, we just don't charge anyone anything for it. For example, the Internet Law Group, which has been a partner from day one, gets a feed off Project Honey Pot. They represent companies like AOL and use it to help track down spammers who are violating the law. (Jon Praed, the firm's senior partner, has been referred to as the "Spamhunter General" by the UK press.)
There are some IP reputation services that get our data in exchange for data they share back with us. At times, we've provided collected corpuses of our spam to researchers for them to study (we released a copy of about 100,000 messages at CEAS a year ago which anyone could download). And there are some other folks who we provide feeds to in exchange for using software or services (such as John Graham-Cumming's excellent software Polymail which we're going to begin using to classify spam messages we receive into different categories; as soon as we get it running we'll be able to say: "This harvester is primarily responsible for Viagra spam, this other harvester is primarily responsible for phishing messages, etc..." It's going to be cool!).
Finally, I really like the SURBL and think it's run very responsibly by Jeff Chan and his crew. We've owed them a feed for a LONG time and are finally getting that setup. If you want to benefit directly from the spam sent to Project Honey Pot, I'd suggest signing up with the SURBL service (which I believe is free to most, if not all, users). (PS - one of the reasons I like the SURBL is that they actively check the domains before they include them on their list, whitelisting legitimate companies. This eliminates the "Amazon" problem I described above.)
At some point in the future might we charge commercial entities to access the data, but we don't currently do so. And, even if we do provide the data to commercial entities, we would shy away from giving it to traditional RBLs because of all the documented challenges such systems face, and the particular challenges I've discussed above with the Project Honey Pot system.
2. Yes, there is a way to write to us with "business inquiries". Occasionally people do. Up to this point, we've typically said no. However, at some point we may charge someone for access to the data. We just don't currently.
3. Two of the three people who started Unspam, myself included, are attorneys. Given that, it's a wonder we didn't put a "TM" after every sentence on the website. I doubt we'll file for a registered trademark at any point. But, even if we did, so what? Groups like the Red Cross have trademarks -- and enforce them vigorously -- does that make them any less public minded?
4. I'm not sure what you mean by your analogy. Maybe you mean that if we stop harvesters then we won't be able to track them anymore. That actually is a concern, but there are some pretty obvious solutions. For example, we could route known harvesters to a honey pot page immediately upon visiting a HTTP:BL protected site. But the more salient point is this: our goal is to stop harvesting, not just to track it.... or in the language of your analogy, we'd be thrilled if we could effectively plug our ears! But maybe I'm just not understanding what you're getting at.
5. I agree this was a weakness in our system. We've recently started doing some things that help minimize the ability to sniff out honey pots in the way you describe. We constantly monitor the ratio of spam received at traditional spamtrap addresses (like the ones you describe) versus those we specially construct. What has surprised me is that we can see no statistical evidence spammers are doing what you describe. That doesn't mean it won't happen in the future. If it does, we have some tricks in our back pocket to adjust. As with many parts of the spam problem, this is an arms race. The nice thing in this instance is that the spammers have to adapt to us -- putting them on the weaker side of the race -- rather than us adapting to them.
Please don't hesitate to write to us if you have ideas on how to improve the Project or use its data in interesting, creative, thoughtful, or productive ways. We're always willing to consider them.