As the developer of user level spam prevention suite http://www.whyspam.me and a frequent user of mailinator and the like. We need all hands on deck to really shine a light on spammers and to highlight the companies out there doing a great job!!

Keep up the good work honeypot, here's to the next billion!

I wonder where lines are drawn in regards to spam when it comes to net neutrality. I remember listening to an owner of a local ISP talk about how how spam could easily overrun their capacity to serve paying customers if they couldn't control what was moving over their bandwidth. It's a side of net neutrality that most people don't seem to consider.

2.5 petabytes is a quite a bit of bandwidth being eaten up.

I suppose an ISP's customer could opt-in to receive spam. I'm sure there will be many takers :)

This is too radical a correlation. The issue is the protocol - it was designed to let colleague in academia and military to exchange messages (with all the weight of their collective social contracts bearing on their use of the system). It wasn't designed to allow sleazy characters across the globe to engage in harassment through messaging.

Maintaing 'net neutrality' in conjunction with committing to the necessity of evolving net protocols to address end user responsibility is a viable path forward. If the choice comes to rewriting software stacks or giving up certain rights, then I'm 100% on the side of the rewrite. (Its just code, after all.)

I like how the #1, 3, 4 and 5th most frequently seen spam subjects are ads for increasing hits to a website - in other words, spam messages for sending ... more spam.

(I assume that something like "Feed Blaster" or "Hit Blaster" is really just a spam sender at it's heart)

It seems a potentially effective approach to phishing scams would be to set up a huge network of honeypots and do automatic responses to the phishing servers with bogus information.

At that point, you could try to swamp the real account info with the bogus, or you could also inform the financial institutions what the bogus info was so they could watch for it and set up sting operations.

Does anyone know if this type approach is used, and if not why?

This is very hard to do; you'd probably have to write a bot to feed reasonable but false data into random forms, and then coordinate it.

You'd also be wasting a lot of bandwidth; in this sense it is as useless as those "let's DDOS them back!" approaches to fight spam.

Blue Security did exactly that with it's http://en.wikipedia.org/wiki/Blue_Frog program.

It was very very effective. So effective that spammers got together and DOS'd them, to the point that they were forced to shut down.

No one (currently) is willing to try it again. A P2P version designed to handle a DOS was attempted, but never went anywhere.

What a story! Thanks for the link.

If they really did find the solution to Spam and were killed for it, it's a wonder that someone with deep pockets, think Google or MSoft doesn't do this again with monstrous bandwidth and power behind it. It would be costly, but imagine the PR win for removing spam from the internet.

If smtp could be linked to an iTunes style payment processing system, those billion spam messages would result in $10 million (assuming a penny per email) and quite possibly reduction in spam.

If smtp could be replaced ...

I wonder why the government hasn't actively gone after the "harvesters" in the U.S. If this report is correct, they seem to play a very active and important role in the global spam ecosystem.

Harvesters are in a sort of legal grey area, from what I can tell. If the information is publicly available, then why shouldn't anyone be allowed to access it, or use technology to automate access? I'm sure that Google has millions of email addresses from crawling sites alone.

Of course there are more obvious methods that are clearly illegal, and I agree that the governments should enforce the laws more actively.