Slashdot Mirror


New Attacks on Spam

AttackOfTheDictionaries writes "Project Honey Pot started operating back in November. The Project provides its participants with a script that generates fake webpages with unique honeypot email addresses. The end result is that Project Honey Pot can connect email harvesters' IP addresses with the spam received by those honeypot email addresses. Which is pretty nifty, but left some people asking how that would help legal attacks on spam. Well, it seems that some lawyer over at SecurityFocus has an answer."
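The mechanism the summary describes (a unique address per page fetch, later matched against the spam it receives), sketched as an added example; this is not Project Honey Pot's own script. The key, the `trap.example` domain, the token layout and all sample IPs are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, ipaddress, struct
from collections import defaultdict

KEY = b"constructed-demo-key"   # assumption: secret held by the honeypot operator
DOMAIN = "trap.example"         # assumption: placeholder honeypot mail domain

def _tag(payload: bytes) -> bytes:
    # Truncated HMAC so guessed or altered addresses cannot frame another IP.
    return hmac.new(KEY, payload, hashlib.sha256).digest()[:7]

def mint_address(visitor_ip: str, ts: int) -> str:
    """Address embedded in the page served to one visit: IPv4 + time + tag."""
    payload = ipaddress.IPv4Address(visitor_ip).packed + struct.pack(">I", ts)
    token = base64.b32encode(payload + _tag(payload)).decode().lower()
    return f"{token}@{DOMAIN}"

def attribute(rcpt: str):
    """Return (harvester_ip, harvest_ts) for a genuine honeypot address, else None."""
    local, _, domain = rcpt.lower().partition("@")
    if domain != DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper())
    except ValueError:          # not base32 at all: someone guessed an address
        return None
    payload, tag = raw[:8], raw[8:]
    if len(raw) != 15 or not hmac.compare_digest(tag, _tag(payload)):
        return None
    ip = str(ipaddress.IPv4Address(payload[:4]))
    return ip, struct.unpack(">I", payload[4:])[0]

def correlate(spam):
    """Map each harvester IP to the relay IPs that later mailed its addresses."""
    seen = defaultdict(set)
    for rcpt, relay_ip in spam:
        hit = attribute(rcpt)
        if hit:
            seen[hit[0]].add(relay_ip)
    return dict(seen)

# Constructed sample: two page fetches, then spam deliveries (documentation IP ranges).
A1 = mint_address("192.0.2.10", 1100000000)
A2 = mint_address("198.51.100.7", 1100000500)
SPAM = [(A1, "203.0.113.5"), (A1, "203.0.113.9"), (A2, "203.0.113.5"),
        ("guess@" + DOMAIN, "203.0.113.77")]
```

Because the token carries its own authenticated harvest record, the mail side needs no lookup table: the recipient address alone yields the harvester IP and harvest time, and the delivering relays accumulate against it.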

7 of 153 comments

  1. Re:Simple. by RidiculousPie · · Score: 2, Interesting

    You now have an IP address, and a known port number.

    You're going to sit here and ask a crowd of slashdotters what to do with that list?

    Publish it. Right here baby. ;)

    As they note on the site, some of the IP addresses may be hijacked, and that's hardly a nice use of the power of slashdot.

    Although I am sure that some people would say that people should be responsible for their own system, hijacked or not (indeed many/most ISPs would agree). Is DDoS ethical when used against spammers? Or were you suggesting an IP address blacklist? ;-) Somehow I suspect you weren't.

    Now where is that spam idea checklist to categorise it ....

    --
    ah, mod points ... now where is my crack?
  2. Follow the Money by Lemurmania · · Score: 5, Interesting
    I've never understood why more attention isn't paid to punishing the businesses who advertise via spam. However well the spammers hide their tracks, there's a real company somewhere that wants to exchange services for cash. Why not attack this at the root? Why not make it a fineable offense to advertise via spam? Or would it be all-too-easy for a company to claim it never asked for the spam to be sent in the first place?

    It just seems to me that if you punish the money, there would be little to no incentive to spam. Any IANALs (or IAALs) like to comment on why this would/wouldn't work?

  3. Re:Until they farm harvesting out to zombies... by Anonymous Coward · · Score: 1, Interesting

    No, because the honeypot project leaves you with two products:

    1. The crawler IPs. Yes, zombies doing crawling might dilute this a bit, but if users realize they can't access web sites anymore (because of robot blacklisting) they may investigate.

    2. Pure spam and the servers it went through. This can be used to help blacklist email servers that spammers are using. This would be unaffected by zombie crawlers.

  4. Re:Simple. by mattyrobinson69 · · Score: 2, Interesting

    If somebody refuses to secure their PC, sod them. If they're being DDoS'ed, they can't send as much spam - it's their problem.

  5. License agreements by TiggertheMad · · Score: 4, Interesting

    Ethan Preston, the lawyer that is linked to in the article above, mentions that the harvesters are forced to 'click through' a license agreement that has legal ramifications if broken. While this is a neat trick to put the screws to spammers, isn't it a bad idea in the grand scheme of things, as it lends more credibility to the 'click through' agreements that are packaged with software? If this were taken to court and upheld as valid, it could be used as a precedent.

    Now, admittedly, there is an important difference in that in one case you cannot read the agreement before buying the product, but the overall premise that such agreements can be legally binding would be the same. Also, since this is a tactic that has been developed to target harvesters, who the developers know will not be able to read or comprehend the agreement, wouldn't that invalidate the agreement? Simply: If I trick you into agreeing to a legal contract, is it any good in court?

    Also, as a side note, it would fall victim to all the same problems as EULAs. For example, if I was an evil spammer, I could probably get out of the clause by hiring a 17 year old to run the harvester for me, since a minor cannot enter into a legal contract, it would be no good.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  6. Re:This would be a bad thing (I am not a lawyer). by krbvroc1 · · Score: 2, Interesting

    Even ignoring any possible First Amendment issues (which can be done if we discuss this hypothetically occurring only in other countries) imagine what kinds of doors are opened when you permit automatic sight-unseen licensing to take effect on material on the WWW?

    Tell me about it. This morning I posted a link here in Slashdot. At that link was an agreement that each visitor must pay me $50. With the slashdot in full effect, I think I will retire now.

    IANAL, but this 'binding' agreement thing sounds bogus. I think CAN-SPAM prohibited some harvesting, but I think the 'contract' nonsense is bullshit. For those who think they can get rich off of this, the only people who'll make money on *trying* this scheme will be the attorneys.

    But maybe I'm wrong, if EULA agreements can be posted on websites with the caveat that by opening a box you agree to it, perhaps this makes sense.

  7. Re:Friggin' No Good Lawyers! by Anonymous Coward · · Score: 1, Interesting

    I think a lot of people here are missing the essential genius of this approach. Read the agreement. First, in order to be bound by the agreement you needn't simply access the page, but then subsequently send to the address found there. If the harvester pleads that their machine accessed the page and it wasn't them then you can sue them under the CAN-SPAM Act for using automated means to harvest addresses. If they plead that they actually did it by hand, then you can sue them under the contract. Very clever.