On Wednesday, April 9, 2003, at 09:38 AM, Kee Hinckley wrote:
That's the major flaw with the honeypot solution. It deals very
poorly with evasion. As soon as honeypots become a problem, spammers
will begin to write more sophisticated tests that try and detect
honeypots.
I posted an easy way to get around honeypots the other day -- regular
tests. Easy to do using a small array of captive accounts, hard to
catch.
Any solution that's so easy *I* can pull a way to isolate it off the
top of my head is something not worth spending energy implementing,
because it's a solution that works only because spammers haven't had
enough hassle from it to work around it. That's not even an arms race,
that's throwing snowballs at a tank. It'd take us a lot more time and
energy to build up a honeypot system annoying enough to amek them
notice than it'll take for them to build a system to make that honeypot
system useful only against stupid spammers.
So IMHO, it's a bad place to spend our energy, but it won't even slow
down the smart spammers, and we don't need sophisticated tools to catch
stupid ones.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg