CircleID

Since its launch in October, 2004 Project Honey Pot has made some interesting progress in their war against spam email. The project is a distributed system used to identify spammers and spambots operating across the Internet. To put it simply, Project Honey Pot lays millions of traps around the Internet (66,393,293 as of this writing) baited with specific email addresses that are configured to forward received emails to the Project Honey Pot system. Since these are not email addresses used by real individuals virtually every email received is positively identified as spam.

Looking at their statistics it is hard not to be impressed with the effectiveness of this system: 85,989,816 spam servers identified; 1,546,419,133 unique spam messages processed through their system. Those may seem like huge numbers but in the scope of the Internet as a whole it is only a fraction of the mail flowing around the Internet. Recent estimates put global Internet mail traffic at 294 billion messages per day, or more than 2.8 million emails sent every second — that's 90 trillion emails per year. Unfortunately, those same estimates show that 90% of these messages contain some form of spam or malware content.

Spam remains one of biggest problems facing the Internet today. While dealing with spam and unsolicited commercial email (UCE) is annoying to say the least, the true burden is in the cost to corporations in bandwidth, delayed email, and employee productivity. The corporate mail server has become the new battleground in the war against spam. The typical Internet consumer often believes incorrectly that their Internet Service Provider (ISP) has a handle on the problem of spam. But Spam is a world-wide problem, however, and email systems around the world are not designed or configured in a consistent manner or managed to the same standards. Without any type of unified coordination or anti-spam standards there is no effective means to stem the growing tide of spam email, and the spammers know it.

To help tackle the spam issue, the information and statistics collected by Project Honey Pot are put to good use. The data is collated, processed, and shared with not only the participants in the project but with law enforcement, as well. As they state on the project web site, "Harvesting email addresses from websites is illegal under several anti-spam laws, and the data resulting from Project Honey Pot is critical for finding those breaking the law." Additionally, they periodically collate the spam data collected and share it with anti-spam developers and researchers. It is obvious that the team behind the project is serious about not only identifying and shutting down the sources of spam content on the web but also in locating and prosecuting the people responsible for it.

According to the statistics provided by the project web site, enough processing power current exists in the project to monitor an estimated 547,625,000,000 spam traps. Given the number currently monitored there is plenty of room for growth, and given the amount of spam we continue to see in our inboxes each day it is apparent the project needs more participants to continue the research and fight against spam email.

If you operate a web site it is easy to join the project. Simply visit the Honey Pot Project website at http://www.projecthoneypot.org. While it is free to join the project, you must be an official member to host a honey pot address on your web site or to access and contribute data.

Given the benefit to the global Internet community — and the impact the project can have — I would go so far as to say that web site operators should look at this not as an opportunity, but as a responsibility, to serve the community we participate in every day.

By Mike Dailey, IT Architect and Sr. Network Engineer. Visit the blog maintained by Mike Dailey here.

Related topics: Internet Governance, Law, Malware, Spam