How AOL can seriously spank spammers
Jun. 24th, 2004 09:54 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
gizaFollowing up on yesterday's entry where I noted that AOL's customer list was stolen, it has since occured to me that there may be a silver lining in this for AOL. Since the list was their complete customer list, chances are that some of the screennames on that list were created only for internal use and have never been seen by the outside world.
However... what if one or more of the screennames in that internal list weren't actually used... what if they were honeytokens instead? A honeytoken is a piece of information that has no legitimate purpose, but its value lies in the unauthorized use of that information. In this case, if AOL created some screennames that were unused and never intended to be e-mailed, one could assume that anyone who DID send e-mail to them was in possession of the list that was stolen.
Legally speaking, what that would amount to is "possession of stolen property", which is obviously illegal. And given that AOL has a pretty good track record of slapping around spammers and that they just made an example from one of their (ex-)employees, I wouldn't be surprised if they decided to do so again on some spammer who spammed a honeytoken address. Any spammer with half a brain would want to avoid spamming their customer list. But with most spammers out there, that might be aiming a bit high...
However... what if one or more of the screennames in that internal list weren't actually used... what if they were honeytokens instead? A honeytoken is a piece of information that has no legitimate purpose, but its value lies in the unauthorized use of that information. In this case, if AOL created some screennames that were unused and never intended to be e-mailed, one could assume that anyone who DID send e-mail to them was in possession of the list that was stolen.
Legally speaking, what that would amount to is "possession of stolen property", which is obviously illegal. And given that AOL has a pretty good track record of slapping around spammers and that they just made an example from one of their (ex-)employees, I wouldn't be surprised if they decided to do so again on some spammer who spammed a honeytoken address. Any spammer with half a brain would want to avoid spamming their customer list. But with most spammers out there, that might be aiming a bit high...