The spammers win a round



There is a company (well, unfortunately, WAS a company) called Blue Security. They had an innovative approach to stopping spam. A small download essentially sent opt-out return emails that were junk back to the REAL spam sender (clever concept huh? bouncing to the person that REALLY sent the message… Of course what was clever here was that they were coordinating the responses of all their users – herding a “white hat” network of sorts.) Anyway, it was a successful concept at getting several of the top 10 to clean their mailing lists.It looks as though 6 of the top 10 agreed to clean up their mailing lists. Unfortunately, they were the subject of a Massive DDOS. They managed to recover and come back, but the dDos took out other sites as well and there were threats of more it seems.


Ultimately, they decided that they weren’t in a position to start a cyberwar and have closed their doors. So, the spammers have won a round and got rid of blue security. Mainly, because blue security was concerned about the risk to other sites AND they saw that it wouldn’t take much to keep their site offline (20,000 machine bot net of hacked/virus-laden home pc’s… which could be rented for maybe a couple thousand dollars according to the Security Fix….)

Sidenote – This is one reason making sure YOUR OWN pc is clean of malware including viruses/etc. Because if you’re online and you’ve got a trojan then you could be a pawn in this type of activity…. anyway…

Sunbelt blog has an interesting take on the demise of Blue Security saying that their main downfall was the fact they had a Do Not Mail list. 6 of the 10 spammers had agreed to clean the addresses on the Do not mail list from their mailing lists. Essentially here’s what they say…

However, BlueSecurity exposed their users to attack by having a Do Not Email list. While the list was not open, it was easy for spammers to find out who the users were, by simply running their lists of email addresses against the Do Not Email list. Who came back as not mailable was the BlueSecurity users. Then, the attack could start.

Of course, that’s exactly what happened.

The idea of being a proxy for Do Not Spam is not necessarily a bad idea. And I know it made people feel good to fight back, and I think legally fighting back is a fine good idea. But getting users involved invites the possibility of collateral damage. Such a fight should be done by a coordinated network of volunteers, with one face to the spammer. You expect spammers to respect your list? Good luck.

It is a shame because it seems like a good idea. Given that the download was open source, I suppose we could see someone else serious about killing spam take up the idea with more resources to withstand a dDos, but I really don’t know if there’s a company around that would really want to pick that fight.

   Send article as PDF   

Similar Posts