The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Tuesday, May 02, 2006

Blue Security "do not email" list obtained by spammers

Background: Blue Security is an anti-spam service which I've written about on previous occasions. In a nutshell, users sign up with the Blue Frog service which publishes a "do not spam" database. If a spammer fails to honor the "do not spam" list, Blue Frog then coordinates a massive complaint campaign (one complaint from each subscriber) against the spammer's web site. John Levine explains that the process is not perfect, in that it requires the spammer to have a web site to complain about (most spammers use throw-away web sites, knowing they'll be closed down soon enough.) However, it's worth pointing out that the complaints are also directed at the spam's sponsors, who do have something at stake in their web site.

Presumably the list was protected in some way which allowed spammers to use it to wash their own lists against it, but which did not allow the spammers to simply obtain the list itself.

However, spammers have apparently obtained the raw list, or at least part of it, and intend to use it to retaliate against Blue Security and its customers.

Anti-spam blogger Richi Jennings has examined the list and determined that it's not complete. The most likely explanation is that a spammer simply compared his own mailing list before and after washing it against the Blue Security database.

One Blue Frog user reports:

So I am a member of BlueFrog and this morning I get a message from a spammer threatening me that if I don’t remove myself from BlueFrog in the next 48-72 hours, they will bombard me with spam…

Sounds to me like they’re running scared. For the past years, spammers have done nothing but ignore any requests to stop…since they can’t ignore BlueFrog, now they’re threatening like a bully in a schoolyard.

I’m staying with BlueFrog…at least it’s seeing results.
Given the vitriol with which spammers are attacking Blue Security, I can only conclude that the system has spammers running scared.

Update: Slashdot has coverage of the issue.

Update: Here is the text of one threatening letter:

To: EMAILADDRESSREMOVED@memphis.edu
Hey,

You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).

You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.

How do you make it stop?

Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again.

We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.

By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.

Why are we doing this?

Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails.


Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.
Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.

If BlueSecurity decides to play fair, we will do the same.

Just remove yourself from BlueSecurity, and make it easier on you.

Update: Realtech News also has an article about the attacks.

2 Comments:

Blogger Tom Edwards said...

As you've sort of pointed out, this is indeed a con. The list is secure - not that it makes much difference. Even if it was public, most spammers would keep away from it.

9:37 AM  
Anonymous Anonymous said...

Hi, i am a Spam-Blogger, collecting Spam since 1899!
Please, if you have some Spam and i dont have it, please come to my Blog and drop it off, i'd appreciate it very much!
Thank you!

4:42 PM  

Post a Comment

<< Home