Catching Spammers With Honey: Project Honeypot

Taking advantage of a CAN-SPAM law clause which makes harvesting e-mail addresses for spam illegal, a Chicago attorney has worked up something he calls Project Honeypot.

The endeavor is designed to trap the spammers’ crawler software that hunts for and harvests e-mail addresses.

Matthew Prince, whose Unspam company developed Project Honeypot, said the three-month-old project includes a software program Webmasters can use to beat the spammers at their own game. It turns their Websites into magnets for harvesters and generates fake e-mail addresses for the spam crawlers to harvest, while recording the addresses of the crawlers and the times and dates the crawlers arrived.

When that happens, Prince said, the Honeypot program removes the fake address from the site but leaves it valid as a mailbox; because the address is fake, no legitimate mail can go there. From there, he said, detectives begin building their cases against the spammers using those crawlers.
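The mechanism Prince describes, sketched in Python as an added example (not Project Honeypot's code): it assumes each page visit is handed its own trap address, so mail that later arrives at that address identifies the visit that harvested it. `HoneypotLedger`, `SECRET`, `TRAP_DOMAIN` and the sample IPs are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

SECRET = b"constructed-demo-key"   # assumption: per-site secret, never published
TRAP_DOMAIN = "trap.example"       # assumption: domain that only receives trap mail


class HoneypotLedger:
    """Issues one trap address per page visit and remembers who was shown it."""

    def __init__(self):
        self.issued = {}  # trap address -> record of the visit that received it

    def issue(self, ip, user_agent, when):
        # Keyed hash of the visit: distinct per visitor, not guessable without SECRET.
        msg = f"{ip}|{user_agent}|{when.isoformat()}".encode()
        local = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]
        address = f"{local}@{TRAP_DOMAIN}"
        self.issued[address] = {"harvester_ip": ip, "user_agent": user_agent,
                                "harvested_at": when}
        return address

    def attribute(self, rcpt_to, sender_ip, received_at):
        """Tie mail sent to a trap address back to the visit that harvested it."""
        visit = self.issued.get(rcpt_to.strip().lower())
        if visit is None:
            return None  # not an address this ledger handed out
        return {**visit, "spam_sender_ip": sender_ip,
                "delay": received_at - visit["harvested_at"]}


def demo():
    # Constructed sample data; IPs are from the RFC 5737 documentation ranges.
    ledger = HoneypotLedger()
    seen = datetime(2005, 1, 10, 8, 30, tzinfo=timezone.utc)
    addr = ledger.issue("192.0.2.44", "ExampleHarvester/1.0", seen)
    ledger.issue("198.51.100.7", "Mozilla/5.0", seen)  # a different visitor
    return ledger.attribute(addr, "203.0.113.9", seen + timedelta(days=6))


if __name__ == "__main__":
    print(demo())
```

Because no legitimate sender ever learns a trap address, any delivery to one is evidence linking the sending host to the recorded crawl.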

Prince also said he anticipates spammers figuring out ways to program their crawlers to evade such “honeypot” programs, but he is ready with countermeasures that he has yet to disclose.

Project Honeypot’s spoof addresses and Web pages get the spammers in another way: the addresses and pages may be fakes but the licensing agreement that comes with them is legitimate—and legally binding.

The harvester agrees to the terms when collecting, storing, transferring, or e-mailing the fake address it does not suspect, and also accepts a prohibition on robots using more system resources than a person might when visiting.

When agreeing to the license, the harvester also consents to litigation in the courts where Project Honeypot participants live, meaning Project Honeypot users can drag a spammer into court from anywhere in the country – or the world.

According to several reports, more countries are updating arbitration laws to include electronic agreements like the Project Honeypot licensing agreement.

At this writing, Project Honeypot claims to have generated 71,993 spoof e-mail addresses and received 2,501 total spam pieces through them, including 525 pieces of spam and 429 harvester crawlers identified this week.