Whitedust Security talks honeypots, and all the fun you can have with them. For those just joining, a honeypot is a system put online to entice hackers - once they break in you get to study what they are up to. You can also set up a honeypot in the form of an email box, catching spammers coming to you and reporting them to blacklists.

My first thought is that’s what research groups are for - sys admins generally don’t have time for that stuff

The first Slashdot participant on the matter brought the point home:

“In addition to all of the things on the network I normally have to do at the office let me set up an entire phantom network just to “jack” with hackers. Yeah, I’ll get right on that.”

Like security pros, these folks need a little more respect. So researchers, why don’t you get to work on that?

The FTC has been on a roll. They know CAN-SPAM doesn’t work and continue cracking down on the sleaziest of spam - all the while politicking for change.

Now they are enlisting additional help, across borders, and technical too. The name of the game this time is proxypot, as in spam honeypots placed on open proxy servers that spammers are likely to target for distribution of their messages.

No doubt it is an interesting approach. Honeypots have been used for a while to get spammers on blacklists, and now they are being leveraged for criminal action. The only thing I wonder is how long it is going to be before spammers start screaming entrapment.