Fighting spam via Project Honey Pot

In an effort to help combat spam, I’ve joined Project Honey Pot.

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it …

We collate, process, and share the data generated by your site with you. We also work with law enforcement authorities to track down and prosecute spammers. Harvesting email addresses from websites is illegal under several anti-spam laws, and the data resulting from Project Honey Pot is critical for finding those breaking the law.

Additionally, we will periodically collate the email messages we receive and share the resulting corpus with anti-spam developers and researchers. The data participants in Project Honey Pot will help to build the next generation of anti-spam software.

This project is just in its infancy, and hopefully it will help make a difference in the continuing struggle against. I urge you to take a look, and if possible, join the project. Let’s all work together to stop spam.

Leave a comment


  1. This seems at first glance to be a very good idea. I was looking at their stats tho on their home page and currently they have only received 2 spam e-mails, no harvesters and only identified 1 spam server. So, how long have they been at this? Hopefully not long at all.

    But, I might give it a try. I believe this is a sound theory, I guess just need more people to participate. I don’t know how you find these projects (phpGedView, Honeypot) but I’ve liked all the projects you’ve come across. 🙂


  2. Project Honey Port has online been on-line for about 5 days now, and it will take a while for some momentum to build. An email from the head of the project provides a little more insight.

    It’s hard for us to prove that we’re going to do what we promise because we’ve only been open for 3 days and, to be honest, have only received one spam message so far. (They’re start flooding in soon. Our initial tests show that on average there’s about 1 week between harvesting and the first messages to arrive.) If you’re skeptical of our intent then I just ask that you give us a chance and wait and see how we behave.

    They have committed to provide the information that they collect to the SURBL (Spam URI Realtime Blacklist) project. The SURBL project has made a significant impact in the fight against spam.

    As for how I find projects, sometimes I just get lucky. In this case I was reading a mailling about SpamAssassin, and the poster (one of the SpamAssassin developers) made an off-hand remark about the project. It seemed interesting so the rest is history.

  3. Ken —
    Thanks for the link and the kind words. Judging from our logs, lots of visitors to the Project Honey Pot site have come as a result of your referral. We appreciate it.

    We’ve been open a bit longer now so I thought I’d respond to the comments above. We’ve definitively caught about 20 IPs harvesting addresses. We have a bunch more we suspect but do not have enough evidence yet to publish. You can see the list of harvesters online at:

    Global Harvester List

    Click on any of the IPs on that page, or on the pages under that page, in order to see their details. The idea is that you can surf your way through spammers networks…. seeing how harvesters and mail servers are associated.

    A couple of surprises so far. First, we’re astounded how few messages we have received. We expected and architected for a flood, so far it’s just been a trickle. Part of the lesson may be that the real danger doesn’t come from the average harvesting but from the the guy who harvests and then sells a CD of “100M emails for $19.95.” It could be there are some spammer “king pins” out there making money off these sort of CDs or lists of addresses without ever sending a single message. If so, we’ll soon know more about them. And they’re lists will be mined with our honey pot addresses — immediately revealing anyone foolish enough to buy one.

    Second, we’re encouraged by some of the initial results. Our hypothesis going into this was that harvesters would be more closely associated with the actual spammers than the proxies they’re using to send their messages. Again, the initial data seems to bear this out. Check out the following links:

    Example 1 Example 2 Example 3

    These three harvesters, which seem to be generally representative, are almost certainly all the same individual or group of spammers. While they’re bouncing their messages off machines around the world, they’re using fixed, leased lines to do their harvesting. That means there’s likely to be a paper trail back to a real identity. Harvesting alone is against the law which may lead to all sorts of new avenues for prosecution (see, for example, our page on the subject), the Project may also identify spammers for even traditional prosecutions.

    We’re really encouraged, if somewhat surprised, by the initial results. Thanks again for your support!

    Matthew Prince.
    CEO, Unspam, LLC
    Adjunct Professor of Law
    John Marshall Law School

  4. Matthew,

    Thanks for the kind and detailed followup. It shed a lot of light on the goings on with Project HoneyPot. I too am a little surpised at the seemingly low volume of spam that you have seen, but I belive that the project can go a long way towards combating spam. I wish you and your team the best.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: