Author: P.Hauser (22 Aug 07 10:05am)
Well, how about the "reverse" idea of this question:
Would be something like a "notification submit API" from a Honey Pot client to your database!
Consider the following scenario:
A harvester and a mail server, that you have already proved to harvest one of your addresses and the server that has already sent mail. Once this fact is published here, a Honey Pot client user will then block this harvester to avoid SPAM.
Thus at the same time the client user's Honey Pot becomes sort of useless for this harvester (and mail server) and the amount of information for your database decreases from a blocked Honey Pot client.
However the blocked harvester might still be active, since it is just a "stupid" script chasing from one target to the next.
To prove this activity of a proved AND blocked harvester against your database, a Honey Pot client could first check if an IP is a "proved harvester", and if the return from the database is so, it could report this (blocked) activity of a known harvester to the database from the Honey Pot client. The report to the public could be the harvester IP of course and a timestamp of last activity.
If you just do such an API-automated "feedback" with proved harvesters, it will not "poison" the data, rather the information level of known (and blocked) harvesters will be increased.
The point is that once a harvester is considered as proved here, it will be blocked by the user and hence it can no longer submit any addresses to its mail server.
SPAM amount decreases for the single user, who blocks the harvester, but so far also such "in vain" harvester actions are ignored from the Honey Pot, though the harvester visited the client.
Also a timestamp for your published SPAMs could be helpful just like the timestamp of a blocked harvester. But I guess you don't wanna publish this here since the SPAMMERs might read it here and adjust their strategies.
OK, no answer to that then ... . ;-)
A submit API for a Honey Pot client on a voluntary basis to use would be helpful for you certainly and it should not poison the data, yes!
Check e.g. IP 188.8.131.52 and my comment for my "reverse" idea! A submit API would only automate my comment there (or in your database).
Post Edited (22 Aug 07 10:08am)
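
The client-side flow proposed in the post above, sketched as an added example (not part of the original post and not an existing Project Honey Pot API): only visits from IPs the database already lists as proved harvesters are blocked and reported, each with its last-activity timestamp. The lookup function, report fields and all sample data are hypothetical and constructed.

```python
import ipaddress
from datetime import datetime, timezone

# Hypothetical local copy of the database's "proved harvester" answers.
# Constructed sample data; addresses come from documentation ranges.
PROVED_HARVESTERS = {"203.0.113.7", "198.51.100.23"}

# Constructed honey pot visits: (visitor IP, ISO 8601 timestamp).
VISITS = [
    ("203.0.113.7", "2007-08-22T09:58:11+00:00"),
    ("192.0.2.44", "2007-08-22T09:59:02+00:00"),    # unknown visitor
    ("203.0.113.7", "2007-08-22T10:03:40+00:00"),   # same harvester again
    ("198.51.100.23", "2007-08-22T10:04:05+00:00"),
    ("not-an-ip", "2007-08-22T10:04:30+00:00"),     # malformed log entry
]


def is_proved_harvester(ip):
    """Stand-in (assumption) for the check against the central database."""
    return ip in PROVED_HARVESTERS


def handle_visits(visits):
    """Return (blocked_ips, reports) for a batch of honey pot visits.

    Unknown or malformed visitors are never reported, so the feedback
    cannot add new, unverified IPs to the database ("poison" it).
    """
    last_seen = {}
    for ip, stamp in visits:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip entries that are not valid IP addresses
        if not is_proved_harvester(ip):
            continue  # served the normal honey pot page; nothing to report
        seen = datetime.fromisoformat(stamp).astimezone(timezone.utc)
        # Keep only the most recent blocked visit per harvester.
        if ip not in last_seen or seen > last_seen[ip]:
            last_seen[ip] = seen
    reports = [
        {"ip": ip, "last_activity": ts.isoformat()}
        for ip, ts in sorted(last_seen.items())
    ]
    return set(last_seen), reports


if __name__ == "__main__":
    blocked, reports = handle_visits(VISITS)
    print("blocked:", sorted(blocked))
    for report in reports:
        print("report:", report)
```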