Vigilante Do Not Spam Email List Discovers Spammers Aren't Trustworthy
from the in-case-you-were-wondering dept
Last summer, a security startup made a lot of news for being the latest in a long line of "anti-spam" firms to try a vigilante -based do-not-spam list. The way it works is pretty straight forward. People put their names on the list. Spammers can clean their own spam lists by comparing it to the Blue Security list (they don't get to see the whole list, but it does tell them who to remove from their own lists). If the spammer still spams someone on the list, Blue Security goes into vigilante mode and fills up the spammer's web forms with junk info, hopefully leaving the spammer begging for mercy. It's certainly an appealing idea... when it works. However, there are certainly a few things that can go very, very wrong. First, we're talking vigilante justice, and that can mean totally innocent parties are harmed without much recourse. All a spammer needs to do is have a spam message pointed at someone else's site. Second, some of this requires that spammers have some honesty or integrity (stop laughing). The database has even been built into at least one popular spamming tool for spammers to clean out their lists. That works if the spammers actually believe they're better off not spamming those people -- but many spammers prefer to anger and annoy anyone who dares to ask off of their list. This has always been the problem with do not spam lists. Annoying spammers who are already hiding from the law won't look on it as a list of people not to spam, but as a list of live addresses that they absolutely must spam. So, it was only a matter of time before a spammer "washed" his spam list with the Blue Security list, and then emailed everyone who it removed from the list, threatening to bombard them with spam until they dropped off the Blue Security list. This is a silly threat, of course, since dropping off the list means that same spammer is going to spam you anyway, but it is leading some to freak out that Blue Security's database has been compromised. That's not quite true, since it's only those who were on both this spammer's list and the Blue Security list, but it does highlight yet another problem of this type of service.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
My mail box is all Black and Blue, but will never
The question however remains: How do we deal with spam? Do we create elaborate filters? Do we sue and jail them one by one? Do we resort to Do-Not-Email lists? Do we start charging spammers for spam 25c per email? Perhaps we could just close are eyes and it will go away? What do we DO?
[ link to this | view in chronology ]
Spam sucks.
[ link to this | view in chronology ]
Compromise
[ link to this | view in chronology ]
blue sec down
we recieved a bulk of spam today. most was stopped by my in house anti-spam but at least 10 times more than we recieved the day before.
it seems as if the frog is either dead or real busy 'cause i can't pull up the sight.
I'M NOT A VIGILANTE. I AM THE PUNISHER!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If anyone gives a spammer credit card info, you'd really have to wonder about them..
All Spam = Don't buy from them, seems simple enough to me...
[ link to this | view in chronology ]
As one of the first to reg. for a gmail account, I picked a name that proved to be popular with Russians. As gmail got more and more popular, I started getting more and more of "here's how to reset your password" forms in my email. Then, all of a sudden, I started receiving TONS of bounced mail. Apparently, someone started using my email as the "from" email in their spam emails, and of course, they'd send emails to tons of dead email addresses. All with crap russian mass-mailings. I also tend to get a lot of auto-replies -- saying stuff like "sorry, we think you're a spammer" or "this email address is dead now" -- and there's no easy way to sort that out.
Anyone else know of such tactics?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re: Joe Job
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Spammers beware
Second collect all of you spam mail adress and make a group mailing list for all of your junk mail and then email all of the junk mail back to the whole list of Junk mail you received. Some will make it a real collection point and some may not. To the ones it gets to.... well they get what you got. lolol
Gary
[ link to this | view in chronology ]
use filters, report spam that gets through
2) use a client side spam filter (if windows, spampal)
3) report any spam that still gets through. Use programs like http://spam-abuse.sourceforge.net to make it easier.
Spampal and spamabuse are free. Both are windows and both work extremely well.
Our abuse staff has dones 100s of thousands of LARTs with spamabuse. They've gotten child porn web sites turned off, 419 scammers drop boxes killed, etc. I'd highly recommend the filter and LART the ones that get through. I'm unlucky if I see more than 10 spams to any of my active accounts for an entire year.
[ link to this | view in chronology ]
Jerk Off
[ link to this | view in chronology ]
The benefit still lies with the anti-spam
Right now, the collateral damage is bad, but it's not any worse than what the spammers are already doing, such as Joe Jobs. So two web sites have gone down due to anti-spam activities. That sucks, but it is due to spammers not playing by the rules.
Spammers will continue these efforts to stop the anti-spammers, and it will get worse. But remember, fighting back costs the spammers too. Eventually, when the economics of spamming are no longer so positive (for the spammers), they will cease. It will probablly get very ugly right before that though.
[ link to this | view in chronology ]
Gmail Junk-Mail Filters
[ link to this | view in chronology ]
Re: Gmail Junk-Mail Filters
[ link to this | view in chronology ]
Ha ha! You didn't get me...kinda...
[ link to this | view in chronology ]
Another entry from someone who doesn't understand
But to clear some statements made in this entry. Blue Frog does not go into "vigilante mode". It sends complainst from the user who has RECEIVED and FORWARDED the spam to Blue Security. Therefore it only AUTOMATES the complaint, which could have been made by the user who received spam.
Therefore, if the user does not forward the spam spamvertizing a certain address, that user does not complain. Additionally, all spamvertized sites are checked by humans (tech specialists) at Blue Security before scripts for the site are prepared. Therefore, if the spammer joe-jobs an innocent website, these people will notice it and will NOT prepare such scripts.
All comments about Blue Frog being a "DDoS machine" or an illegal/immoral solutions are due to the fact, that authors of this comment, such as author of this entry, are unfortunately incompetent, and did not read about how the application/system works, and did not try the system themselves. I am using Blue Frog for about 2 months, and I've read how it works, unlike the author of this entry.
And all I can say, this "attack" is only a lame attempt to scare people off and it shows people are not scared that easily. Spammers are only encouraging more people to use Blue Frog, because people notice, that spammers are getting desperate and aggresive, because they're actually losing business because of Blue Frog. And all the publicity also helps.
[ link to this | view in chronology ]
Blue Frog Rocks!
"But to clear some statements made in this entry. Blue Frog does not go into "vigilante mode". It sends complainst from the user who has RECEIVED and FORWARDED the spam to Blue Security. Therefore it only AUTOMATES the complaint, which could have been made by the user who received spam. "
And we know Blue Frog WORKS. The reason the bluesecurity.com is down at the moment is because someone has launched a DDos against them. Check out the SANS Internet Storm Center - http://isc.sans.org/
How much you want to bet that Blue has managed to piss off a spammer enough that the spammer is trying to get revenge on them?
If the bad guys are shooting at you, you know you're doing something right.
[ link to this | view in chronology ]
Special e-mail address for forms
the number of spam messages from most of the worst sites to us has dropped. :-)
[ link to this | view in chronology ]
this is messed up.
At the time, I was a bit worried.. the spam seems to have already stopped. Thankfully. Threats suck even when you know they are full of hot air.
I had no idea how blue security operated. I am not sure what to make of the whole situation, but all I say is .. I dont want to be spammed.
[ link to this | view in chronology ]
Blue Frog ARE spammers
group of lying scumbags seeking to cash in on the net's spam problem
BY MAKING IT WORSE. Oh, they're not stupid: they're just
greedy, and they know full well that there's an ample supply of
morons who will sign up for their "service".
So what we really have here is a fight between two sets of scumbags.
Here's hoping that it escalates as much as possible so that they do
maximum damage. And if that includes the morons who have chosen
to support spam and abuse by signing up to be their customers: that's
fine. Morons deserve to suffer.
[ link to this | view in chronology ]
that sounds good. what do you guys think?
[ link to this | view in chronology ]
I just signed up with a new filter service, and it
FCK those guys. I'd love to do real physical harm to some of them.
[ link to this | view in chronology ]
Meanwhile the spammers are at large..
http://www.silii.com/got-a-good-laugh-from-this-spamhaus-listing/
[ link to this | view in chronology ]