Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major Anti-Spam Lawsuit To Be Filed In VA

Posted by kdawson on from the honey-pot-paying-off dept.

Rick Zeman sends us to the Washington Post, which is reporting that a John Doe lawsuit will be filed in US District Court today in spam-unfriendly Alexandria, Virginia. The suit will be filed by Project Honey Pot, which is having a week of big announcements. The suit seeks the identity of individuals responsible for harvesting millions of e-mail addresses on behalf of spammers. From the Post: "The company is filing the suit on behalf of some 20,000 people who use its anti-spam tool. Web site owners use the project's free software to generate pages that feature unique 'spam trap' e-mail addresses each time those pages are visited. The software then records the Internet address of the visitor and the date and time of the visit. Because those addresses are never used to sign up for e-mail lists, the software can help investigators draw connections between harvesters and spammers if an address generated by a spam trap or 'honey pot' later receives junk e-mail."

5 of 77 comments (clear)

  1. how about a link to the actual article? by Anonymous Coward · · Score: 5, Informative

    which is here

    1. Re:how about a link to the actual article? by Anonymous Coward · · Score: 4, Informative

      Or what about a link to the Project Honey Pot page that explains the lawsuit and contains a link to that Washington Post article?

  2. Re:Yeah but what will the judge think by thona · · Score: 2, Informative

    ::Theres a hundred ways an account can get an email ::(spam or not) without it being mined specifically ::by the future defendant. How? I put up a new email account. Noone ever uses it. It is only shown on a website for ONE page (i.e. next visitor gets another account). Nopw, I grant that someoone may mistype an address. But then - this will not result in a lot of emails coming. q.e.d.

  3. Re:RIAA tactics to catch spammers? by daeg · · Score: 3, Informative

    They aren't seeking the identity of the unintentional middlemen involved, or are, but only so far as to find the identity at the end of the tunnel, so to speak. If they identify the particular botnet involved, they can attempt to trace it back to whoever controls it, installed it, or locate who picked the bundle of addresses up.

    And even if they can't find the end person, they can at least educate the zombie PC owners using a real-world example instead of the fear tactics used to push crapware like Norton Internet Security.

  4. Harvesting is the only source here by Kelson · · Score: 2, Informative

    Theres a hundred ways an account can get an email (spam or not) without it being mined specifically by the future defendant.

    The way Project Honeypot works is this:

    1. A webmaster puts a script somewhere on his site.
    2. The webmaster then puts hidden links to that script such that most human visitors will not notice them.
    3. Bots crawl the site, and access the script.
    4. The script contacts Project Honeypot, which generates a unique email address (or several) and a legal statement explaining that you do not have permission to use the email address. Date, time, and IP address are logged along with the email address generated.
    5. Legit bots, like search engine spiders, won't do anything with the addresses picked up from the script. But address harvesters will eventually hand the address to a spammer.
    6. If spam is received at the email address, Project Honeypot knows:
      • The spammer picked up the address from a harvester, either directly or indirectly.
      • The IP from which the harvester connected, and when.