Trap Spammers with Project Honey Pot

Melanie Gross
Jul 1, 2009
Updated • Dec 28, 2012

Junk mail is always a pain to deal with. Some junk mail may be stuff you actually signed up for and lost interest in. Spam, however, is stuff that you never signed up for, and it is often sent to you after some bot saw your email address on some site. Nobody likes spam. The people who harvest the web for email addresses likely hate spam as well. Spam is actually illegal, and there are people out there who track spammers and try to make sure they see their day in court.

Project Honey Pot is a system designed with those who receive spam in mind. What this system basically does is sit on a site and watch for email harvesters. When it finds an email harvester, the honey pot logs information about the harvester into the Project Honey Pot system. This information is then built up into various sets of statistics that are used in court to prosecute spammers. One of the things that makes Project Honey Pot cool is that it shows all this data on its website for the world to see. This allows those curious about their own IPs to check whether they are considered a spammer. It also offers information on various IPs and statistics such as the average number of emails sent to the honey pot.

Website owners can do one of three things to help Project Honey Pot catch spammers. A honey pot can be added to any website, where it will watch for and log any suspicious data on that site. This is for those who have a web host and are willing to install the honey pot script onto their site. Those who don't have their website hosted or don't want to install a honey pot can install a QuickLink. When a bot visits a site, it likely visits other sites that the original site links to in order to find as many email addresses as possible. A QuickLink is a hidden, secret link that only bots can see and visit. The QuickLink will take the bot to a site that does have a honey pot installed. Another thing that webmasters can do is donate an MX record to the project. What this does is give Project Honey Pot an email address to receive spam. Project Honey Pot will use this email address to see what kind of spam the harvesters are sending, among many other statistics. This option is for webmasters who have their own domain name.
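The hidden-link idea described above, seen from a site's own access log (an added example, not Project Honey Pot's code): any client that requests a URL reachable only through a link hidden from human visitors is reported, together with the other pages it fetched. The trap path, the log lines and the harvester's User-Agent are constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical trap URL, linked only from markup that human visitors never see.
TRAP_PATH = "/contact-directory.html"

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log (documentation-range IP addresses, made-up clients).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.0) Firefox/3.5"
198.51.100.23 - - [01/Jul/2009:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "ExampleHarvester/1.0"
198.51.100.23 - - [01/Jul/2009:10:00:06 +0000] "GET /contact-directory.html?id=1 HTTP/1.0" 200 812 "http://example.com/index.html" "ExampleHarvester/1.0"
198.51.100.23 - - [01/Jul/2009:10:00:07 +0000] "GET /about.html HTTP/1.0" 200 2300 "-" "ExampleHarvester/1.0"
198.51.100.23 - - [01/Jul/2009:10:02:00 +0000] "GET /about.html HTTP/1.1" 200 2300 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.0"
truncated or corrupt line
"""


def find_trap_visitors(log_text, trap_path=TRAP_PATH):
    """Return {(ip, user_agent): {"trap_hits": [...], "paths": [...]}}
    for every client that requested the trap URL at least once."""
    seen = defaultdict(lambda: {"trap_hits": [], "paths": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at fields
        # Keyed on IP plus User-Agent so that a different client behind the
        # same address is not reported along with the bot.
        key = (m["ip"], m["ua"])
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path == trap_path:
            seen[key]["trap_hits"].append(m["ts"])
        else:
            seen[key]["paths"].append(path)
    return {k: v for k, v in seen.items() if v["trap_hits"]}


if __name__ == "__main__":
    for (ip, ua), info in find_trap_visitors(SAMPLE_LOG).items():
        print(ip, ua, info["trap_hits"], info["paths"])
```

In the sample, only the `ExampleHarvester/1.0` client is reported; the browser that later shares its IP address never touched the trap URL and stays out of the result.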

Project Honey Pot is a completely free service that survives on donations and T-shirt sales through CafePress. They also offer various other services, such as a directory where users can look up information about various IPs, including IPs that are known to belong to dictionary attackers.




  1. Art101 said on July 10, 2009 at 12:12 am

    It’s an excellent service with great features and high ethics in the fight against spam (and the creeps who scour sites to harvest addresses). It’s simple to set up and deploy. Users have access to an extraordinary collection of valuable data through their account panel. I carefully researched the project before signing on and spoke with one of the founders at length on the phone. As for Rarst’s “harassing legit users by IP” comment, I’ve never run into this problem and know of no one who has.

    I’ve deployed honeypots on 8 of my client sites. As of today, we’ve helped trap 5,642 harvesters in over 1,940,000 events. I highly recommend the service.

  2. Greg said on July 2, 2009 at 12:10 pm

    Actually, I’ve never had a problem with this. It was kinda cool to see how many people I helped trap. I think they do have a system where if your IP shows up for whatever reason, you can request that it be whitelisted.

  3. Rarst said on July 1, 2009 at 5:46 pm

    >What this system basically does is sit on a site and watch for email harvesters.

    Or harassing legit users by IP. Heard some unpleasant stories about this one.

    It is a bad security idea to “enumerate badness”. It is bad security to rely on IP detection. Two in one.
