Blue Security - Spam Solution?

Category: Spam

BlueSecurity.com has a bold plan to go after spammers. Have you reviewed this outfit? If so, what say you about it?

BlueSecurity is an attempt to create an anti-spam network. Members install special software that sends automatic complaints to websites that advertise in spam messages. The hope is that the "spamvertised" website will be flooded with complaints, effectively creating a denial of service attack that will make it impossible for them to do business.

I have doubts that this will work, and they extend beyond the ethics and legalities of participating in a denial of service attack.

These automated complaints generated by the BlueSecurity software are not emails. The software sniffs around the offending website looking for an order form, then fills it out with bogus data and submits it.

It would be trivial for these websites to put one of those "enter the random number you see in the picture" devices to prevent automated form submissions. And they could also automatically reject orders that do not contain valid credit card information.

If these defenses are breached, spammers can create a network of clone websites to absorb the denial of service attempt, or change their outbound emailing schedules so that a coordinated denial of service attack becomes difficult or impossible.

So I don't see how this will slow down the bad guys at all.

BlueSecurity also claims they will employ blacklists and whitelists to keep legit websites from being "blue bombed" by a nasty competitor. But there are hundreds of thousands of e-commerce websites on the Web. How can they possibly keep tabs on all of them, and know which are legitimate and which are spammer-operated?

It seems like a clever idea, but I just don't see it working on a practical level. And other prominent voices in the anti-spam community have dissed BlueSecurity for ethical lapses. See Internet Patrol's Blue Frog Not Only Spams Webforms, It's Blurry-Hashed For Extra Inaccuracy

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 23 Aug 2005


For Fun: Buy Bob a Snickers.

Prev Article:
Can't Share Laptop on Network

The Top Twenty
Next Article:
Spyware Removal

Most recent comments on "Blue Security - Spam Solution?"

Posted by:

Bill Robinson
23 Aug 2005

Isn't saying that a site uses possibly unethical means to stop spam rather like that company that advertises its diet supplement as being too expensive for ordinary dieters?

That is, by warning us how unethical we might be in stamping on spammers, it is an open invite to join it. That wasn't your real aim, was it? Anyway, you sure talked me into joining them.

EDITOR'S NOTE: I think you missed the point entirely. Using abuse to fight abuse is wrong. And in this case, since the BlueSecurity complaint will be posted with *your* IP address, the targetted website can trace this back to you and possibly sue you for attemping to disrupt their business.


Posted by:

Walter Graue
23 Aug 2005

Any solution to Spam looks good to someone like me who may review 150-200 messages daily and extract 8-10 valid addresses. The problem is that while the action may seem to satisfy by being vindictive, it misses the target. Many hosting and E-mail sites use
part of their profits to hunt out spammers among their customers and eliminate the addresses. One address out of a thousand doesn't hurt the spammer much.

I don't, like most of the rest of the Internet community, know how to eliminate Spam at the source, but after reviewing this, not only will participants risk legal liability, they'll end up injuring the wrong party. Ultimately each participant could become the target of a DOS attack, or worse. Spam has plenty of money to spend to protect itself.

EDITOR'S NOTE: Exactly my point! I hope you didn't see my post as any sort of endorsement of BlueSecurity.


Posted by:

Jamal Panhwar
24 Aug 2005

The idea is ok but the problem is that many spammers use others websites to send emails and this will eventually hit the innocent web site which was misused.

What they should do is that they should make spamassasin like softwares more reliable and make sure that networks dont get misused by the tricky spammers.


Posted by:

jay waltrip
24 Aug 2005

my isp,kills,all spam. so i,dont,have to worry,about.

EDITOR'S NOTE: If my ISP told me they were killing ALL spam, I would be very worried. It's just not possible to zap all the bad stuff without zapping some of your WANTED mail. If they don't provide a way to look into the "junk mail" folder to see exactly what they filtered, then chances are you're missing some messages.


Posted by:

M. O'Dea
24 Aug 2005

It would be great if we could abolish spam. Just like it would be great if we could abolish telemarketing. But to my eye 'we' are a huge part of the problem. By 'we', I mean 'consumers'. Seems to me a lot of spam and a lot of telemarketers would go away, IF *no one* EVER purchased anything from a spammer, or from anyone who called them on the telephone. Of course, in the case of spam the keys are *no one* and EVER. Humanity is sometimes just hilarious.

EDITOR'S NOTE: Amen, preach it! If people would just stop buying stuff from spammers, they would stop spamming. ISP's should be educating their customers and reminding them that it's BAD to buy from spammers.


Posted by:

Erly Alban
26 Aug 2005

I figure spam is what my 'delete' button is for. Also, if you are being spammed by people you buy from online, many of them have a "Remove from list" that takes you off their mailing list. It takes just a second, and a day or so, and you're off!


Posted by:

Jeff G.
27 Aug 2005

Someone tell Erly in that last post that the 'remove me' links within spam are totally bogus and using them just helps the spammers more.

EDITOR'S NOTE: Yes that's true if the message comes from an anonymous spammer... "remove me" = "spam me". But I think the other poster was referring to those situations where you get email from someone that you've purchased from, and you no longer want to be on their mailing list.


Posted by:

Fred Showker
03 Oct 2005

The concept is solid. We've checked it through legal and our programming geeks. HOW it is implemented is another matter, and this "Blue Frog" thing is NOT implemented correctly. It will never work. It would seem they've tried too hard to make it a "feature" rather than actually policing it the way it needs to be policed.

HOWEVER it WOULD work quite well for eliminating spam if implemented correctly ... we have run the computer models quite successfully.


Posted by:

gladys wallace-chambers
03 Oct 2005

i am a newbie to the net and e-commerce . one of the baby-boomers trying to catch up. but bob is right . just like a lot of innocents get stomped on in the name of home security i forsee nothing but trouble instead of solution. let's go back to the drawing board on this one.


Posted by:

Vince Chan
02 May 2006

The right to complain to marketers and have our wishes heard is something respected by other forms of markeing (tele, mail). Why it is not respected by spammers is because the cost of doing business online is far below those traditional media. To sum it up, they don't care. Interestingly, I've recieved threatening letters from spammers regarding this situation and pointing out bluesecurity specfically. So they are getting worried! I'd invite others to read a counter-point I found on this issue:

http://www.ranum.com/security/computer_security/editorials/bluesecurity/


Posted by:

Jason
03 May 2006

This week a spammer proved - without a shadow of a doubt - that BlueFrog / Blue Security really works.

I received several messages from one particular spammer, clearly upset that his/her spamming has turned right round and smacked him/her squarely in the face.

The first message, was anti-BlueSecurity rubbish, the second, third, fourth, etc were just rubbish. The next morning they sent a sob story - telling us “we don’t want to send you these messages but BlueSecurity are forcing us”. Well, I’m sorry, but they’re not; Spammers receive one complaint per spam sent - it’s completely fair.

I hope everyone signs up with BlueSecurity, and I hope more companies write similar software to combat these dispicable invidiuals raping our inbox. The spammers patehtic messages are posted here http://i-love-bluesecurity.blogspot.com/


Posted by:

Jister
03 May 2006

I think Bob and everyone here needs to read into this a little more. The BlueFrog only submits forms as many times as users have recieved spam from them. So I guess if the people being attacked are not able to keep their servers running because of the traffic well then they should quit working with spammers. I've checked out alot of the sites that my little frog is submitting too, and I'll gurantee that they should be taken off the web anyway. The only way this could be a DDoS is if the spammer sent millions of spam to BlueFrog users and then well they deserve it. So let the DDoS begin! Innocent websites my ass!


Posted by:

Buaya King
03 May 2006

I think the main point of "flooding" the spamvertised website is making spammers aware of Blue Security's Do-Not-Disturb list which contains the people who do not want spams nor would want to response to spams.

Spammers are basically spamming for makeing money from the spamvertised websites. It is pointless to spam people who are anti-spam and do not buy from spams. They are not making money from agitating people unless they are blackmailing or someone actually pay them to do so.

Blue Security's DNI list let spammers knows the list of emails they can omit from their list and save their troubles, resources and time, as well as bringing peace to Blue's subscribers. I see Blue Security's approach is a right one.

EDITOR'S NOTE: You might want to read this article, then: BLUE FROG “DO NOT SPAM” EMAIL LIST STOLEN AND SPAMMED 5/1/2006

http://www.theinternetpatrol.com/blue-frog-do-not-spam-emai-list-stolen-and-spammed


Posted by:

gulliver
04 May 2006

I think that this idea that Blue Frog is involved in DOS attacks is very far-fetched. The software simply posts a single form on an offender's website (and they only target websites when MANY people have reported spam advertising it) asking them to clean their lists.

EDITOR'S NOTE: Yes, and in the process they validate your email address to the spammers. For the same reason, I advise people not to reply to spammers, even to say "remove me".

If people would STOP BUYING STUFF FROM SPAMMERS, they would shrivel up and die.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Blue Security - Spam Solution? (Posted: 23 Aug 2005)
Source: http://askbobrankin.com/blue_security_spam_solution.html
Copyright © 2005 - Bob Rankin - All Rights Reserved