24 Jul 2005
A new company called Blue Security purports to have an innovative
approach to getting rid of spam. I don't think much of it. As I said
to an Associated Press reporter:
"It's the worst kind of vigilante approach," said John Levine, a
board member with the Coalition Against Unsolicited Commercial
E-mail. "Deliberate attacks against people's Web sites are illegal."
Before they started their current scheme they contacted every
anti-spam organization around, including CAUCE where I'm a board
member, trying to find
someone who would sponsor their scheme. Everyone including CAUCE
said no. Since they announced their plan as a separate company, it is my
understanding that at least two and maybe three web hosts have
booted them off due to their abusive plans.
Blue Security's approach (described on their web site) is to
sign people up to provide spam trap addresses and to run a program
that Blue Security provides.
As spam arrives at spamtraps, Blue Security plans to take a variety
of approaches to get the spammers to stop, starting with notifying the
sender and the ISP hosting the web site, as many spam recipients do now,
and eventually escalating to a denial-of-service (DOS) attack on the web site.
The DOS attack consists of a zillion unsubscribe requests all sent at
once.
There's no question it's intended to be a DOS attack; a page on their
web site says so:
The overwhelming flow of complaints sent by the Blue Community keeps
rogue advertisers' sites busy for long periods of time and causes
them to have very long response times. Potential buyers are driven
away by the slow response time and poor experience.
Since spammers are bad guys, what's wrong with this?
Two things: it won't work, and it turns good guys into bad guys.
The reason it won't work is that this technique could only be
effective against spammers who are mostly legal, and have web sites
in fixed places.
That rules out about 99% of the spam I see, which is from spammers who
use throwaway web sites on virus-controlled zombie computers, just like
they use zombies to send their spam.
By the time you find the server, it's gone, and even if you could hit it,
you're going to attack some cable modem user with a virus, not the spammer.
But let's say they are able to correctly identify a site (more on this later),
and decide to unsubscribe-bomb someone.
In practice, if you can collect a few hundred complaints about a spammer, that's a lot.
But a few hundred hits on a web server is no big deal.
The only way that they're going to overwhelm a web server with unsub requests is to
send each request over and over, to generate tens or hundreds of thousands of web
hits.
One or two unsubs per person is plausible, but hundreds or thousands is pure abuse.
Fighting abuse with abuse might seem emotionally satisfying, but it is a dreadful
strategy.
Spammers have long argued that the only people who oppose them are extremist
anti-commerce communist etc. etc. radicals.
The responsible anti-spam community doesn't do stuff that's illegal, since it
would confirm the spammers' argument, and it would make it impossible to work
with the cops to shut down the spammers who are breaking the law.
One of the biggest challenges in the spam fight has been to get lawmakers and
law enforcement to realize that spam really is bad enough to be worth taking
legal action, something that's only started to happen on a large scale in the
past year.
DOS attacks are just plain illegal, even if you think the person you're DOS'ing
deserves it.
For example, in New York where I live, there is a specific crime
called computer tampering which clearly covers DOS attacks and,
depending on the amount of damage, can be up to a class C felony punishable
by 15 years in jail.
The list of defenses does not include "they deserved it."
The other reason it's a bad idea to fight abuse with abuse is that you cannot
be sure you know who your target is.
So-called joe jobs, in which someone sends out spam pretending to be from
someone else, to make trouble for the someone else, are fairly common.
Every spammer of course claims to be the victim of a joe job, not to be spamming
himself, and sorting out the truth is not straightforward.
A DOS against the wrong site (or even against the intended site, but causing damage
to other people who happen to use the same computer) would be illegal, incredibly
unethical, and a public relations disaster.
So no responsible member of the anti-spam community would consider it.
It's certainly frustrating that the fight against spam is so slow.
I'm doing what I can, including working with governments to pass effective
anti-spam laws, and using existing laws to put spammers in jail,
but if the proposal is to start breaking laws to punish people we think deserve it,
no thanks.
posted at: 20:32
27 comments
Director of Marketing
Dear Mr. Levine
We feel that some of the points mentioned in your article are based on an inaccurate interpretation of key points in our service and would like to highlight some key issues where we have apparently failed to make our message clear.
First and foremost, it is important to stress that the total number of complaints posted by the community is exactly equal to the number of spam messages received. For example, if 20,000 spam messages promoting a certain Web site are sent to the Blue Community, the Blue Community will post exactly 20,000 complaints on that site. We have spent considerable resources developing our solution such that we are able to receive the large amounts of spam our approach requires - both from honeypot accounts and from our community members. This allows us to stick to the "one spam, one complaint" principle.
As you have accurately noted, some spammers use zombie computers to host their site. However, we do not post complaints on zombie computers. This is only one aspect of our strict policy never to cause any harm to innocent third parties. While this may reduce the effectiveness of our solution, we prefer to do things right.
As for Joe Jobs, spam messages are examined by experienced analysts who research spammers and become familiar with their tactics, including the content of the spam messages they send, the structure and content of the websites they advertise, and more. Before allowing Blue Frog clients to post complaints on a spam site, our analysts examine the spam messages to verify they match the profile of the suspected spammer and advertiser. To validate the identity of the site owner, links in spam messages undergo a thorough inspection and authorization process, which includes cross-referencing with URL blacklists and whitelists as well as with data on the WWW/Usenet and with WHOIS records.
Complaints are posted by the community only if the result of this process indicates the site is indeed operated by a spammer, and no response is received from the site's operator and/or hosting facility. In any case where there is a doubt as to the real identity of the advertised site (e.g. a suspected Joe Job) or a chance that an innocent third party will be affected, no complaints will be posted.
We would be more than happy to present to you the details of our service and receive your feedback and comments.
Best Regards, Eran Aloni
Director of Marketing
Blue Security
(by Eran Aloni
25 Jul 2005 04:32)
> However, we do not post complaints on zombie computers
I've yet to see a systematic way to determine if a computer is a zombie. Rock, meet hard place. If they don't do anything about zombie computers, there is not much point to the, er, "service." ISPs and legit marketers already talk to each other a lot -- there are feedback loops in place for ISPs to send legit marketers the user complaints. The ISPs generally don't care what happens to the complaint -- they just want to minimize complaints. If that means an unsubscribe, great. If that means the sender develops a fancy machine learning system to determine that emails without v1@gr@ in the subject get few complaints and change their habits, great.
(by Miles
25 Jul 2005 15:37)
Blue Security: Two Wrongs
I'm pretty sure it was me who coined the phrase "two wrongs won't make a spammer repent," many years ago.
Blue Security's stupid idea to exert "revenge" against spammers by attacking their web sites has been generating a lot of chatter; I'd planned to
(by
don't cross the memes 25 Jul 2005 18:19)
I believe that there are several inaccuracies in this article, and in particular a major misconception in the usage of the term "zombies".
1) "I've yet to see a systematic way to determine if a computer is a zombie." Blue Frog software goes after the *websites advertised within spam messages*, it doesn't retaliate against the originating email server. The originating email server is what *could* be the zombie. The resulting (usually pharmaceutical) website, is typically a domain which has been up and registered and processing orders - often securely - for months. I know this because I have done my own research before even looking at the blue frog software. I ran it for a bit to see where it would go. It landed on a domain I've been spammed with since around November of last year. That is hardly the definition of a "throwaway web sites on virus-controlled zombie computers." Yes there are viruses which give backdoors to machines, but they are almost NEVER used for the setup of a website upon which to process credit card orders, let alone secure orders. In my opinion it is pure fiction to suggest that that is the case.
2) But let's say they are able to correctly identify a site (more on this later), and decide to unsubscribe-bomb someone. That is not what this software does at all. It gets the blue frog agent to systematically load every page - simple page loads, not page loads involving dynamic parameters which actually *would* constitute a DDOS, since those pages could not be cached - and on the order forms it attempts to post messages to the offending websites to stop using spam to promote their products. As someone who has attempted this on a one-by-one basis myself I personally feel this is actually the more misguided approach.
Most pharmaceutical spammers now have pretty rigorous form checks in place and will not allow anything but valid data to come through, so my feeling is that the only place this complaint will actually make an appearance is a web server error log. However: I still think that en-masse, and especially using the measured, ramped up approach this organization is using, this is NOT a DDOS attack by any definition. A true DDOS would have several notable characteristics to be effective:
- Appending of dynamic, randomized parameters to the end of innocuous files such as images such that they cannot be cached in the web server's RAM and would occupy more cpu and bandwidth to serve out
- In the millions and billions of hits per second, not a measly 10,000 or 20,000 per (their estimates) hour. (In my case it sent one page load every four minutes. That is hardly anything amounting to an "attack". I can do better than that with my fingers hitting "refresh")
- More strategic application of randomized data such that pages have to process more incoming values than they were meant to accept.
While the blue frog app was running I paid a visit to the homepage using a regular vanilla (Firefox) web browser. The pages all loaded just fine, but slightly slower than would be acceptable. If the site were attempting to handle billions of orders they might drop one or two, but again: I cannot say that the activity this software performs is anything close to what any investigator would refer to as "an attack." It's a nuisance, but by the time the software is pitching these page loads one would have to assume that Blue Security had already exhausted a warning, attempts to email or phone, secondary warnings and then a final warning that the attack itself would begin. On the flipside I know for a fact that I and several people I know could devise any number of simple javascript functions which would be capable of much more harm than this application is capable of. Sure they could really ramp it up and do some real damage but the company is acting (by all accounts) extremely above-board.
I for one am sick to death of spammers. I'm sick of seeing the same websites being presented to me in spam messages only for month after month. Nobody is doing anything to stop these people and they are consistently able to avoid prosecution. Let's add to that that I do not live in the United States, so no law in my country will ever effectively go after these people, and they are causing me damages (in the form of annoyance and harassment) while remaining seemingly untouchable. If this is the tool that's available, I will take it. Note however that I will not turn to the likes of the Lycos tool (had it remained available) since that, to my mind, and especially after in-depth investigation, DID fit the description of a DDOS. If you wanted to go after zombies, you would have a much, MUCH harder time.
That is not by any means what Blue Frog is attempting to do. Try it yourself and then comment on it. I'm only one person. I know at least a dozen others who verified that these were long-standing websites and that they remained largely undamaged by this so-called "attack". I personally wish it were possible to do a lot worse but such is the legal state of affairs.
Sincerely
sickofspam
P.S. I read this website pretty regularly and I'm somewhat surprised that no investigative work went into a better assessment of this software.
(by sickofspam
27 Jul 2005 21:11)
I think sickofspam needs to see just a few more emails :) Zombies are definitely being used to host websites. I see phishing sites hosted on them every day. While these phishing sites won't meet Verisign's definition of secure, they have all the pretty logos that appear to be fooling lots of users into thinking the site is secure.
IMHO, the primary value in John's post is to help ensure that it does not become a DDOS site. If only 12 people download and use the tool, it won't become a problem. If 120 million people download and use the product, it will be a problem.
(by miles
28 Jul 2005 01:33)
Are you kidding?
I think sickofspam needs to see just a few more emails :) Zombies are definitely being used to host websites. I see phishing sites hosted on them every day. While these phishing sites won't meet Verisign's definition of secure, they have all the pretty logos that appear to be fooling lots of users into thinking the site is secure.
IMHO, the primary value in John's post is to help ensure that it does not become a DDOS site. If only 12 people download and use the tool, it won't become a problem. If 120 million people download and use the product, it will be a problem.
> I think sickofspam needs to see just a few more emails :)
Uh: Believe me I do. I have written extensive software to analyse my spamassassin saved results, and I meticulously track back links in any emails I see that are repeat offenders. I report pretty much every single phishing email I have gotten since October of last year. I've seen them. I know which ones are coming from zombies and it is patently obvious when a fly-by-night website is in use.
> Zombies are definitely being used to host websites.
> I see phishing sites hosted on them every day.
Sir: that is NOT what blue frog is going after, which is the point of this discussion. I said that in the cases of the sites that the blue frog app is going after, they are websites, with real, legitimate SSL domains, with full credit card processing, being relentlessly spammed to unwitting recipients, using the exact same domains, for months on end. Not a day here, a day there. The first four domains I noted that blue frog went after all had whois records dating back four years. These are clearly NOT zombie-hosted domains. Even in the extremely unlikely event that they were, the short-lived nature of a zombie-hosted website is to gather *some* data, quickly, over a very short period of time, and cover tracks. All of the sites blue frog goes after are clearly meant to remain up for long periods of time, to rigorously check valid credit card info, and process orders.
I think miles didn't really read my comment. Again: read up on blue frog. Or better yet give it a five minute demo just to verify what I'm talking about. Also: I do not have any affiliation whatsoever with blue frog. I'm just an obsessive compulsive antispammer. I got mad enough about spam that I decided to figure out every means that they use to gain information from people. I *do* know where I'm coming from. The ruin that spammers are causing to the internet is ridiculous and I'm amazed so many people are up in arms about the only semi-result-driven solution I've seen so far. I still stand by the fact that by and large zombies are installed to monitor user activity and provide spamming capabilities.
Yes some zombies install backdoors, and yes some backdoors turn into extremely lightweight, short-lived websites, but I have yet to see - and I challenge miles or others to show me proof - a single instance where a zombie install has led to a machine automatically hosting a fully-realized credit card processing website including real SSL, not just a gif saying so. Every phishing site I have ever seen has been based on an existing website which was based on a pre-existing compromised website. I mean every single one. Zombies are merely used to propagate the email, not serve out the websites to gather the personal info. Those websites are hacks to pre-existing websites, pure and simple. Also: they last, at the very most, a weekend and in all cases use domains that exist purely for the use of that one-time exploit (ie: days, not years.) Also: they DEFINITELY do not use real SSL connections.
Sorry to rant but I mean... at least read what I wrote.
sickofspam
(by sickofspam
29 Jul 2005 10:25)
Blue Frog
I recently signed on with Blue Security and think what they are doing is great! Anything to cause trouble and bring these stinking spammers down is good in my book! They need to experience a little of their own medicine. The best way to stop a spammer is by hitting them where it counts, in the pocketbook! Right now Blue Frog is targeting online pharmacy sites. These sites ARE solid and there for the taking!
Let me ask the author this. How would you feel if a relative or someone else close to you bought medication from one of these sites then died from it? I think Blue Frog can seriously help with this and shut a lot of these sites down thus preventing anything like that from happening! I say go get 'em Blue Frog! DOS 'em til they can no longer move! It's the only way to fight back!
(by Joe Blow
06 Aug 2005 19:58)
What does DDOS have to do with killing people? I don't know about you, but if people are dying from fake drugs sold by spam, I think I'd rather try to put the crooks selling the fake drugs in jail where they belong, rather than waste time goofing around with what might or might not be their web site.
(by John L
06 Aug 2005 23:19)
Servers 'em right
Maybe a zombie computer *should* be DOS'ed out of service. Then perhaps its owner will wake up and do something about it. "Uh, duh, what? My computer had been... uh, what's a hacker?"
I think the reason that John R. Levine doesn't like Blue Security's approach is that if it works, he and his books become irrelevant. Vigilantism? It all sounds so high-brow. "...turns good guys into bad guys." "...working with governments to pass effective anti-spam laws, and using existing laws to put spammers in jail." Yeah, right. Like *that* will work. Kind of like making guns illegal, so then only outlaws have guns. [disclaimer: gun control is off-topic and not my point (especially in a country already saturated with guns), but the above statement rhetorically helps make the topical point.]
(by Short
25 Aug 2005 23:51)
Irrelevant?
I suppose it's nice once again to confirm the mindset of Blue Security's fans.
But since I've written about 30 books, only one of which is about spam, you'll need a better conspiracy theory.
(by John L
26 Aug 2005 08:41)
The million dollar question here is: For all of those folks that are hypercritical of BlueFrog's proactive approach to battling spam, why haven't you offered a viable solution? It seems so easy to criticize rather than offer more constructive solutions. Oh let me see, you same folks would rather have victims of unsolicited spam use highly ineffectual spam filtering programs that do little to stop the spam, incorrectly identify spam messages, and in many cases take as much time and effort as that involved in getting the spam messages and just hitting the delete button. Yeah, now there is a good alternative solution - NOT!! My point: If you cannot offer a more constructive solution to the spam problem, then you need to stop criticizing BlueFrog. Obviously, 420,917 members (and growing), members are finding that BlueFrog is working for them and the word is getting out.
(by Johnny Smith
17 Apr 2006 00:02)
Million dollar nonsense?
Note to Blue Security:
If you're going to hire people to shill for you, you really should give them a better script. Had you actually read my blog, you'd know that I have never advocated filtering as a solution to spam, and that my preferred solution is a multi-stage process starting with the ritual sacrifice of a goat.
(by John L
17 Apr 2006 00:44)
An interesting twist...
I discovered BlueFrog a few weeks ago (yeah, I'm slow), installed it and disabled my junk mail controls in Thunderbird in a moment of idealistic madness. I figured it wouldn't do any harm, but then today I get this e-mail message:
-- Quote: --
Hey, You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com). You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally. How do you make it stop? Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again. We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result. By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this. Why are we doing this? Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity. Just remember one thing when you read this, we didnt do this to you, BlueSecurity did. If BlueSecurity decides to play fair, we will do the same. We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite suprised.
If you have another email under the protection of bluesecurity, and have not recieved this there, do not worry, you will soon enough. We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user. You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down.. Just remove yourself from BlueSecurity, and make it easier on you. Darius Pritchard
-- Unquote --
Bluesecurity's website is indeed down just now, and my junk mail controls have been reinstated - for what they're worth. When it comes to it, I'd just like not to have e-mail about under-the-counter medications, body part enlargement/reduction, etc., etc. Is that too much to ask? It seems as though SpamAssassin is my only friend. Unless you can let me have that goat sacrifice ritual...
(by Alan Cunnane
02 May 2006 07:33)
The frog is back
Seems like Bluesecurity is back up again, no doubt being attacked by angry spammers...
This is pretty cool, just knowing that it's affecting the spammers enough to make them try and fight back. Let's get more members already!.. beats filtering it..
(by LS
02 May 2006 21:33)
programmer
John Levine doesn't know as much about fighting spam as he leads everyone to believe. Bluesecurity has the right idea. Check out Lad Vampire. It has worked against fraudulent bank websites and blue frog will work against spammers. Believe me, I know. You can tell how blue frog hurts them just by how hard they are fighting back. Talk will keep things status quo, action by the masses will put these spammers out of business. Bluesecurity has the right idea.
(by JMH
07 May 2006 21:13)
I received lots of spam before I became a Blue Security community member. Now I don't.
I have read your original blog entry and the responses. You have made, and seem to continue to make, invalid assumptions about how the service works. The reduction of spam in my in box and the recent attack on Blue Security tell me it is an effective approach.
(by Richard
09 May 2006 08:58)
Blue Security do NOT do DOS attacks. In fact they carefully space their opt-out requests to avoid DOS happening. They sent ONE opt-out per spam. I have the right to request that spammers stop spamming me, and since they don't provide a genuine way to opt-out I will do it using the frog.
Personally I don't think BS go far enough. I would be quite happy if they actually DID do DOS on spammers. Why is this guy posting exactly the same baseless lies about BS that the spammers do? Maybe next he will be ranting about how BS spam themselves and turn our machines into zombies.
(by Alan Brunsdon
09 May 2006 09:09)
Truth
Mr. Levine,
< Blue Security's approach (described on their web site)
< is to sign people up to provide spam trap addresses...
You make it sound like we're creating new spam traps like honey pots. The spam trap is my real email address... an address where I prefer to not receive spam. Honey pots were initially created for members long ago but BSec changed its methods and are no longer used that way.
< Blue Security plans to take a variety of approaches
< to get the spammers to stop... eventually escalating
< to a denial-of-service (DOS) attack on the web site.
< The DOS attack consists of a zillion unsubscribe requests
< all sent at once. There's no question it's intended to
< be a DOS attack...
This is the false statement that just keeps on getting repeated. It's simply not true. If I receive one spam from an advertizer, my Frog sends one opt-out request. If I receive two spams, my Frog sends two opt-out requests. Period. This is not a DoS. This is in accordance with what's allowed by the CAN-SPAM act. If you claim that the BSec members' methods are a DoS then you must also accept that the spams originally sent are a DoS aimed at me in that they flood my inbox causing me and my computers to spend time doing things I wouldn't have to do otherwise... spammers are denying me the practical use of my own inbox.
< It's certainly frustrating that the fight against
< spam is so slow. I'm doing what I can...
No, you're not. If you want to speed the fight against spam, support the Blue Community rather than spreading misinformation. Here's some TRUTH which neither you nor anybody else can deny: I've been a BSec member since almost day one. Before becoming a member, my inbox was filled with garbage every day. A few months after getting on the DNI list, my spam had decreased to just about zero. Zero. Anybody and everybody, even the most novice computer user, can wrap their mind around that truth.
John
(by John
09 May 2006 09:10)
I completely concur with the recent comments (May of 06). Your initial post of 25 July reflects a deep misunderstanding of the process. While I had misgivings when I first heard about the Blue Security approach, my on-board alarm told me I must have been missing the point about something. When I troubled to understand what the process actually involved, I happily enabled the Blue Frog reporting option in MailWasher. My spam count dropped.
Blue Frog approaches injustice like Hammurabi -- forceful but proportionate. It is an eye for an eye approach. It does not, as some seem to believe, gouge out a hundred eyes at random in response to an injury to one's own. If you get one spam, BF will send one opt-out message on your behalf. If you get five, five. The level of response is completely under the control of those who initiate the attack. Spammers need to get the message that if they spam heedlessly, there will be a measured and proportionate response from Blue Frog members who get their trash. If they spam smartly, they can still get their messages out to those who are willing to accept them and avoid provoking those who are not. At the very least, please correct the inaccuracies and mischaracterizations in your original post. If you don't want to support the concept, that's fine. But at least deny it your support on the basis of a completely factual narrative. How does mischaracterizing the activities of an alternative system help your established credentials as an anti-spam activist?
(by M222
09 May 2006 10:02)
In the short time I've been using Blue Frog I've been delighted with the results. OK - I received a deluge of spam after the threats but my spam levels have since reduced dramatically to below my "pre Blue Frog" levels, even though the Blue Security website has been down. Used in conjunction with Spamcop this is the best weapon I've seen yet to counter the spammers and make the internet a more enjoyable place to be. Why don't you "experts" listen to the users instead of blindly criticising without coming up with any viable alternative?
(by Jockdownsouth
09 May 2006 10:03)
Blue Security User and Fan
Everyone has an opinion and the Author of this is certainly entitled to his as are the others with various views that have posted here. I really do not have an opinion but KNOW for a fact that my Spam is down more than 70% from the levels prior to joining the Blue Security.
As the Author has correctly pointed out DDos'ing is illegal in many places. If he has ANY evidence that Blue Security is DDos'ing I would hope he would forward it to the authorities. Isn't that what he suggests we do about our SPAM? Sounds like one more liberal, give the bad guy rights and presume the victim is guilty unless proven otherwise, concept. As with most of the Blue Security Users, I am sick of being forced to spend my time filtering email that I don't want, won't use, would never buy, was not requested, and is frequently offensive if not completely illegal. Blue Security has made the first appreciable dent in this load so long live the FROG.
(by Buckeye
09 May 2006 10:58)
I have been using the Frog since shortly after their launch. For years before that I was continually inundated with Spam to my family's three email addresses provided by my ISP. I would ritually forward all the Spam to my ISP's @abuse, uce.gov, Spamcop, Microsoft's email reporting center, etc. ALL had no noticeable effect. The content of the Spam was so disgusting; I could not allow my son to use his email address any longer. Within a few weeks of starting with Blue Security, I began to notice a sharp drop-off in Spam. Overall, I believe that my Spam has been reduced by over 75%. Mr Levine, rather than bash what Blue Security is attempting to do, why don't you sample users results and report on that. I truly believe that Blue Security has finally come up with an effective means of dealing with the Spam problem. What strengthens that belief is the extent that the spammers have gone to with the attacks of the last few days.
(by mahangttia
09 May 2006 11:15)
http://www.codemonekyx.org
I signed up for Blue Frog and then kind of forgot about it for a week. Shortly after that this attack by PharmaMaster started and rekindled my interest in the product. I wasn't paying attention to my mail much over the weekend. I expected to have roughly 200+ spam after 3 days of not checking my inbox. But surprisingly I only had thirteen. Seven of that thirteen were threats from PharmaMaster. All I did was sign up and my junk mail was reduced to less than 10% of what it was. I can only imagine how nice things will be once I start actively participating.
So Mr. John Levine...will you ever bother addressing anyone's comment that Blue Security in fact does not DDoS spammers and those they advertise? Blue Security has made it possible for U.S. users to exercise their rights to an opt-out request when they receive unsolicited business emails without spending hours stumbling around horribly designed sites and researching who the request needs to be sent to. As for the zombie machines...those are almost exclusively for phishing scams. There are some zombies serving up pages intended to sell product, but they are far and few between. I spent a two month period of time last year researching the spam that was arriving in my inbox and others at my job, along with the sites they advertised and the mail server logs of every bit of activity during that period. I discovered that on average 69.4% of spam that arrived in one user's inbox, and an astonishing 87.2% of spam to our domain all had one thing in common. They all shared the same opt-out link to the same server, only had different domain names and IP addresses depending on the spam message. So I created a new email address at our domain and then proceeded to submit that address to the opt-out form. Lo and behold 2 days later the email address started receiving spam, and 7 days later it had nearly 1000 messages in its inbox.
This led me to poke around the site where the opt-out web form was hosted. The first thing I did, was remove the remove/removeme.asp portion of the URL to see what kind of page was hosted at the domain. I got nothing, so I added the remove directory portion back on the URL and hit enter. Suddenly I'm looking at a directory listing of .txt files. I click on a few and apparently this is where the email addresses from the script are stored. I search for the one I added the previous week, and find it. At this point I'm fuming because I know that nearly 90% of the load on my mail server and 90% of the time employees are spending on email are deleting spam from this one guy. So I begin typing up a long message explaining that I am aware that the opt-out page is fake and only used for farming. And that I have logs showing how he bombarded our mail server with every combination of a-z and 0-9 up to 25 characters long trying to find valid email addresses and attempt to cram it into the email address box on the remove form, but it doesn't all fit. So I whip out what little Perl skills I have and start to write a little script that posts this message to his "remove" list each and every time a spam is received from him.
I add some more fake email addresses to his list and wait for the mail to come in. After a week only one of the email addresses is getting spam. The other two seem to have gotten lost in the mix of 4 paragraph messages from me. I want to escalate things now that I know bombarding his list hinders the addition of new addresses to his known good list. I leave the scripts at work alone, but at home I revamp the script to bombard this remove page as far as poor old Perl can loop and fill the database with a random number of random characters from the full ASCII set, and alternate that with randomly generated fake email addresses. Each time I sit down to check my email I crank it up and let it hammer away until I'm done dealing with my spam, and then kill it. Did it help reduce my overall spam from this guy? Nope. Did it give me a warm fuzzy feeling at a time when I'm normally frustrated and stressed beyond belief? Yep! Was I technically wrong? Yea, sure...I did a bad thing...but I look at it like this. Blue Security's practices are completely fair and legal.
(by that weasel
09 May 2006 12:58)
Dear, oh dear, oh dear.
Mr Levine, for someone who champions himself as an anti spam advocate, your obvious bias and misinformation campaign against this program is staggering. "Deliberate attacks against people's Web sites are illegal." How is sending an opt out request to a website an illegal act? Am I to assume then, that you think clicking on an unsubscribe link is an illegal act, too? "Blue Security's approach (described on their web site) is to sign people up to provide spam trap addresses and to run a program that Blue Security provides. As spam arrives at spamtraps, Blue Security plans to take a variety of approaches to get the spammers to stop, starting with notifying the sender and the ISP hosting the web site, as many spam recipients do now, and eventually escalating to a denial-of-service (DOS) attack on the web site." False, false, FALSE! NOwhere on the Blue Security website will you see ANY reference in their description or operation of the service to the use of "spam trap addresses". NOR any references to a "(DOS) attack". What you have stated are just plain lies. People register their own, currently used email addresses. Do we not have a right to request that our OWN addresses be excluded from mailing lists we never asked to be put on in the first place? "The DOS attack consists of a zillion unsubscribe requests all sent at once. There's no question it's intended to be a DOS attack". This again is a complete lie. They do NOT send all opt out requests at once. They are sent at staggered intervals. However, the sheer amount of spam people receive these days ensures that even at a staggered rate, there will obviously be a steady stream. There are, after all, only so many hours in a day. I notice that you chose NOT to add that Blue Security also provides the spammer with a simple piece of software that enables them to purge their mailing list of all Blue Frog users' addresses at the click of a button. Why IS that, hmm?
"But let's say they are able to correctly identify a site (more on this later), and decide to unsubscribe-bomb someone. In practice, if you can collect a few hundred complaints about a spammer, that's a lot. But a few hundred hits on a web server is no big deal. The only way that they're going to overwhelm a web server with unsub requests is to send each request over and over, to generate tens or hundreds of thousands of web hits. One or two unsubs per person is plausible, but hundreds or thousands is pure abuse." Complete and utter dribble! Unsubscribe-Bomb? Nobody at BS does this. You say the aim is to overwhelm the web sites. Again, that is crap. The aim is to keep spammers busy purging their mailing lists which costs them time and inconvenience. As for "One or two unsubs per person is plausible, but hundreds or thousands is pure abuse." I have been using BF for around 5 months and the prog tells me every time I am sending an opt out request. It's a very simple equation. One piece of spam in my email produces ONE opt out request. Believe me, if I were sending out thousands of emails per spam I would certainly know about it. "The responsible anti-spam community doesn't do stuff that's illegal". Tell me ONE thing I am doing that is illegal. And I mean based on the REAL activity, not your twisted propaganda version. You say there are, in your words, "legal" ways to fight spam. If by legal you mean totally ineffective, then I agree. Spam has been around as long as the internet has and despite all these alternative methods you are so fond of, spam has increased year by year. They have not helped in the slightest..... Until the little blue frog came along. A spammer sending me an unsolicited email is akin to breaking into my living room and taking a dump on my carpet. I am DAMN sure I'm going to complain about that, as is my right. I really don't know what your agenda is Mr Levine but it certainly isn't an anti spam stance. Just whose bankroll are you on, hmm?
(by Nemesis
09 May 2006 14:31)
As a long term Blue Security member, I would like to offer a comment. Much has been discussed here about the so-called "DOS" response of the Blue Frog. I've read spurious claims about "thousands" and "millions" of opt-out requests. But that is all just hogwash. Too many people misread the words and jump to wrong conclusions. The opt-out process will not perform MORE THAN ONCE PER SPAM RECEIVED. Look at that carefully. Does it say it will perform one opt-out per spam received? No. Does it set a legally entitled upper limit on the number of possible opt-outs? Yes. Enough of the theory, what happens in practice? Here is a simple example. I received and reported 487 spams for one particular web site. My frog visited that web site twice. Not 487, but 2. I used Blue Security's published statistics, and started calculating how many opt-out campaigns were performed in any one campaign. My best estimates have come up with a typical range between 200 and 600. Now if that is a DDOS, we need to go back and redefine the term. If any spamvertized web site has been brought down from these blue frog opt-out campaigns, I think we would have all heard about it. I await the first such substantiated example. I figure it is going to be a long wait.
(by Terry Bowden
09 May 2006 18:10)
I love BlueFrog
I've been using it for a short time and already the amount of spam to my work, gmail and home mail server has plummeted.
It's not a DoS, they say one spam == one unsubscribe.
(by Gord
16 May 2006 11:44)
botnet servers...
(1) No doubt zombies are used to process spam.
But presently they're not used to host spamvertized sites.
I watch the 16 known botnet-based nameservers on a regular basis, namely
NS1.greentok.net, NS2.greentok.net
NS1.identbox.com, NS2.identbox.com
NS1.outfiter.net, NS2.outfiter.net
NS1.seriesequ.com, NS2.seriesequ.com
NS1.profdnsprovider.biz, ND2.profdnsprovider.biz
NS1.narrowtok.net, NS2.narrowtoknet
NS1.s-ns.net, NS2.s-ns.net
NS1.rd2006.net , NS2.rd2006.net
None of the websites these nameservers point to is related to the traditional pills/hoodia/pennystock/badCredit sites. There are solely phishing sites hosted on botnets. Seems it is impossible to provide a zombie stealth server with a valid security certificate. Which you need to process credit card data.
(2) Websites hosted on zombie servers regularly have multiple DNS entries. That's how they (and the nameservers involved) can be spotted using passive DNS replication.
(3) As long as Russian and Chinese authorities decide to close both eyes towards the spam and phishing problems and as long as ICANN does not interfere with the registration of domains running botnet nameservers, nothing but netiquette disobedience seems to help...
(by Mycroft
23 May 2006 02:29)
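The check described in point (2) of the comment above, spotting hostnames and nameservers that show many DNS entries in passive DNS replication data, sketched as an added example that is not part of the original comment. The record format, the thresholds and every name and address in the sample are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed passive DNS observations: "first_seen rrname rrtype rdata".
# Reserved example names and documentation address ranges only.
SAMPLE_PDNS = """\
2006-05-20 shop.example.net A 192.0.2.10
2006-05-20 shop.example.net NS ns1.stable.example
2006-05-20 login.example.org A 192.0.2.44
2006-05-20 login.example.org A 198.51.100.7
2006-05-21 login.example.org A 203.0.113.91
2006-05-21 login.example.org A 198.51.100.200
2006-05-20 login.example.org NS ns1.flux.example
2006-05-20 ns1.flux.example A 192.0.2.77
2006-05-21 ns1.flux.example A 198.51.100.31
2006-05-21 ns1.flux.example A 203.0.113.18
2006-05-22 ns1.flux.example A 203.0.113.140
"""

def parse_pdns(text):
    """Return (name -> set of A addresses, name -> set of NS hosts)."""
    a_records, ns_records = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed rows
        _, name, rrtype, rdata = fields
        name, rdata = name.lower().rstrip("."), rdata.lower().rstrip(".")
        if rrtype == "A":
            try:
                a_records[name].add(ipaddress.ip_address(rdata))
            except ValueError:
                continue  # rdata is not an address
        elif rrtype == "NS":
            ns_records[name].add(rdata)
    return a_records, ns_records

def flag_multi_homed(a_records, min_ips=4, min_nets=3):
    """Names seen on many addresses spread over many /24 networks."""
    flagged = {}
    for name, ips in a_records.items():
        nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
        if len(ips) >= min_ips and len(nets) >= min_nets:
            flagged[name] = (len(ips), len(nets))
    return flagged

def suspicious_nameservers(flagged, ns_records):
    """Nameservers of flagged names that are themselves flagged."""
    return {ns for name in flagged for ns in ns_records.get(name, ()) if ns in flagged}
```

Legitimately load-balanced or CDN-hosted sites also resolve to several addresses, so the thresholds need tuning against known-good names before the output is used for anything.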