Blue Security Gives up the Fight 672
bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"
The problem is it relies on a central server. (Score:5, Insightful)
Re:The problem is it relies on a central server. (Score:5, Insightful)
Take a page from SETI (Score:5, Interesting)
However, I don't think any kind of attack spam with spam solution is worth it. We need to either redesign the protocol, marginalize the spammers, or make it very illegal and put them in jail. Sure, you might argue that direct marketing through email really isn't illegal (junk snail mail sure isn't), but I think if you don't respect the don't spam lists and requests to stop, or even go so far as to launch a DOS attack as TFA describes, then you definitely belong behind bars or without access to a computer.
Re:Take a page from SETI (Score:5, Insightful)
This works ... 100% effective in killing off spam (Score:4, Interesting)
Be pretty hard to get a murder conviction ... after all, there are literally MILLIONS of people with a motive ... I can picture it now ... the jury is deliberating, and says "the spammer got his skull crushed in ... sounds like he got off too lightly, dah?"
Next is Nagasaki (Score:3, Interesting)
(Given that the police are saying this one may be unrelated to spamming, it may take at least two MORE.)
Hiroshima showed Japan that the US COULD make and deliver a nuclear bomb.
The Japanese generals knew what it was, because they were working on one themselves. At that point, many of them thought the war was lost, and were prepared to surrender. But some of them argued that collecting and processing the necessary materials was such an effort that the US probably only
Re:This works . 100% effective in killing off spam (Score:4, Interesting)
Re:This works . 100% effective in killing off spam (Score:4, Funny)
Re:Theology (Score:3, Insightful)
In the modern day, we see a lot of people judging and throwing stones, and claiming that they're right to do so. Now, I'm no biblical scholar, but I'm pretty sure that both the OT and the NT are prett
Re:Theology (Score:3, Insightful)
My point, thus, is that, where there is doubt, there should be circumspection. I've never heard a defense of murder, for example, that would appeal to a rational audience. On the other hand, biblical passages have in times past been used to justify murder, for e
Re:Theology (Score:3, Informative)
His point was that my point contained a logical inconsistency, whereas your point, and correct me if I'm wrong here, was that preaching to everyone who one would happen to meet on the streets was a moral imperative, and the refusal of the passerby to listen would necessarily encompass the destruction of their nation, or a 40' drop, depending.
While I view his post as a bit of a logi
Re:Take a page from SETI (Score:5, Funny)
Seriously, it's that annoying.
Maybe Sealand wants to start a Special Forces unit or something.
Re:Take a page from SETI (Score:3, Funny)
Re:Take a page from SETI (Score:4, Insightful)
Do it right then. If you've got 15 names, murder 10. Then drop a Usenet post with a couple of scene shots saying "There's five names left on my list. If you want to know if yours is on it, just keep spamming." That would stop much more than 15 spammers. (Or at least they'd cower.)
Re:Take a page from SETI (Score:4, Informative)
Re:Take a page from SETI (Score:3, Interesting)
If every ISP blocked outgoing SMTP messages from their users and either 1) forced them to relay mail through their servers or 2) ensured that any user-run mail servers were properly configured with SPF, etc. before allowing them to access outgoing port 25 traffic, it would allow much better assurance that the sender was
Re:Take a page from SETI (Score:4, Insightful)
leave all my ports open, thanks
Re:Take a page from SETI (Score:3, Insightful)
P2P perhaps? (Score:4, Interesting)
Re:The problem is it relies on a central server. (Score:5, Informative)
an attacker.
One of the nice attributes of having a central server is that BlueSecurity could validate
that the site was a legitimate target before unleashing the flurry of opt-out requests.
Re:The problem is it relies on a central server. (Score:4, Insightful)
Re:The problem is it relies on a central server. (Score:4, Insightful)
Then, when the spammers act to take it down, they take down the internet.
Then joe-public and jackass-senator get involved and play hardball to... leading to PMITA prison for the domestic ones, and severe consequences for the out of country ones. (Why the heck not just flatline all traffic out of Korea (home of many many zombified machines) for example. They clean up their boxes or they have their own internet.)
That's hardball.
So far, I have just seen reactionary measures that don't last long, or hand-wringing.
Re:The problem is it relies on a central server. (Score:3, Interesting)
Re:The problem is it relies on a central server. (Score:3, Insightful)
an attacker.
Easy. Make it not relying on a server or P2P network at all. You only opt out *YOUR* e-mail address (hashed, of course). The mails will be either automated or human-verified (by you).
Re:The problem is it relies on a central server. (Score:2, Interesting)
Re:The problem is it relies on a central server. (Score:4, Interesting)
Coral cache (http://coralcdn.org/ [coralcdn.org]) with mod_expires to tweak the cache time and adjust length for high traffic times and mod_rewrite to drive everyone but Coral servers to the Coral cache. Not perfect but it could keep an otherwise dead site to appear alive for an extra day or so. Add in it's completely free, doesn't alter your pages and the only limits are a max single file size is ~35M and a daily bandwidth cap at 250G it's not a bad way to go.
The question is would this take enough heat off of Blue Security to keep going?
The problem is a naive attitude (Score:3)
We will have spam as long as we rely on an email system that relies on the good citizenship of senders. The only fix is a new system where you can't create a new identity just by modifying your email header.
When the going gets tough... (Score:5, Insightful)
Re:When the going gets tough... (Score:2)
I think you don't realize just how big the attack on Blue Security was (or the sort of resources the spammers control).
There's probably less than one hundred companies who could've withstood that sort of ddosing. Blue Security wasn't one of them.
Re:When the going gets tough... (Score:2)
Neither was Tucows.
Re:When the going gets tough... (Score:2)
-nB
Re:When the going gets tough... (Score:5, Insightful)
Because these "spam kings" (ok, let's find a new, more acceptable phrase, like "spam dorks") tend to hide out in countries that either have a) no formalized relations with the US or other countries or b) countries that might be allies but will not let us simply go tromping through their country on the hunt for spammers.
They hide in the shadows, collect money from the stupid and unwary, and then go after anyone who tries to stop them. If you think DDoS attacks are their only weapon, think again. It really is going to take a campaign of Internet espionage followed by vigilantism to get at most of these people. I can see it now... Merc for Hire -- specializing in SPAM and the removal of the source with extreme prejudice!
Re:When the going gets tough... (Score:3, Interesting)
Wrong. Of the top 200 spammers [spamhaus.org], the vast majority is still located in the USofA.
They aren't hiding in the least. We know who they are. But Bush & Co. don't get enough spam, apparently. Ot
Re:When the going gets tough... (Score:3, Funny)
Re:When the going gets tough... (Score:5, Interesting)
That said, I too am disappointed, but until effective means of finding and holding accountable the people behind the attacks this kind of extortion will continue.
Welcome to the wild-west. Where's Sheriff Bart and the Waco Kid when you need them?
Re:When the going gets tough... (Score:3)
Re:When the going gets tough... (Score:5, Insightful)
Re:When the going gets tough... (Score:5, Insightful)
Re:When the going gets tough... (Score:3, Interesting)
However, if they close up shop this easy, were they the right ones to be leading this fight?
I also just love how I had to hear about this on
The worst part is they probably picked up 50,000 or more subscribers over the period of the DDOS. It was actually much better advertising than they could have ever bought. Heck, it got me to join!
Re:When the going gets tough... (Score:3, Interesting)
Re:When the going gets tough... (Score:5, Informative)
Of course, the amount of DOS the site gets should be comparable with the bandwidth needed to send the spams, so there are no abuses of the system. Just send their crap back to the sites they run.
That simply won't work because it will get exploited very easily. I assume only links that have been submitted a large amount of times will get DDOSed. Someone will create a large amount of fake accounts on the P2P network, submit links to their target (or maybe spoof all the link submissions without needing to create fake accounts), and get a free DDOS network to attack whoever they want.
Re:When the going gets tough... (Score:5, Interesting)
It's exactly the same amount of traffic as everybody who received the email sending their own "Piss off and leave me alone" request.
On the subject of OS DoS, it won't work because the network will be too easily exploitable. However, something which used a supernode system to distribute the load would work quite well.
Personally I'm waiting for Google to step in, collect the pieces of Blue Security, then offer it as an automatic feature built into gMail. Spam gMail (x million accounts), someone checks that it really is spam, and then the spammer effectively gets a message saying "Stop spamming Google customers". Ignore it, and that's x million identical requests sent by one mother of a system.
Re:When the going gets tough... (Score:4, Insightful)
It'd be 3 days until spam is a thing of the past.
I mean, we've been talking about removing the profit for a long time. Has nobody before me thought about doing it by removing the dumb who are the profit source?
Re:The google of all mothers (Score:3, Interesting)
There is a simple way for the states to end spam. Require a 1 year period for any person who buys something from a spam message to get their money back---for any reason. The banks would no
Re:When the going gets tough... (Score:4, Funny)
They should have listened (Score:5, Insightful)
"When the company's founders first approached the broader anti-spam community and asked them what they thought of the idea, everyone said this was a terrible idea and that they would eventually cause a lot of collateral damage," Underwood said. "But it's also extremely unfortunate, because it shows how much the spammers are winning this battle."
Hell, the idea of flooding the spammers network is older than a reasonably aged Armagnac and was discounted even when it came up.
Building a business model on such an inane idea looks as if the company execs are a few fries short of a happy meal. Specifically since they were warned by more experienced people.
We are ALL "owned" (Score:5, Insightful)
The internet is no longer free (not as in beer). We must pay obeisance to the owners by allowing their spam in our inboxes.
I, for one, do NOT welcome our spam-spewing overlords.
Re:We are ALL "owned" (Score:5, Insightful)
May whatever Deity exists prevent you from learning the difference first-hand.
Re:We are ALL "owned" (Score:5, Funny)
Only if your INBOX is a vagina.
Re:We are ALL "owned" (Score:3)
Too bad. (Score:5, Interesting)
I'm a recent new Blue member. Spam to my work, gmail and home accounts has plummeted thanks to Blue Frog. And to whiners who moan about "vigilantism", blow me. Fight fire with fire.
Re:Too bad. (Score:2)
Re:Too bad. (Score:5, Funny)
Water and foam both put out fire by lowering the temperature and depriving the combustible material of oxygen. This requires enough foam or water to completely saturate the area already burning, with a bit extra on the edges to prevent fresh fuel from igniting. That works well on a small scale (a single house), but very poorly on widespread forest or brush fires.
"Fighting fire with fire" means a controlled burn going inward toward the source of the fire. Done correctly, by the time the controlled burn meets the core of the fire, it has left in its wake a wide swath of already-consumed and partially-cooled fuel. Thus, the fire can't continue spreading outward along that same path. Completely surround the fire with such already-burned zones, and the fire can't do anything but burn itself out in-place.
Rather than needing to saturate the existing fire and its edges, this only requires defending a single line against spreading in the wrong direction - And preparation for that can start before igniting the controlled burn (such as by pre-saturating the area and/or clear-cutting a narrow strip bordering the target burn).
Extending the metaphor to anti-spam techniques, think of the above description as DOS'ing the core of the fire. If we saturate the spammers' network connections, they have no more bandwidth to consume in spreading their crapfloods outward to the world. Continue until bandwidth costs "consume" the bank-accounts of the spammers (or more realistically, they cut their losses and run), and the spammer goes under (at least temporarily).
Now personally, I'd rather mix metaphors and literally fight spam with fire - Track these less-than-worthless bastards down and surround their offices or houses with a ring of fire moving in toward the core. Then roast marshmallows over their charred corpses as we sing "We Shall Overcome".
But, the law frowns on that, so I'll have to settle for simply helping to put them out of business.
Ugh. (Score:2, Funny)
http://www.stormloader.com/garyes/its/#top [stormloader.com]
It's not that hard.
official statement (Score:2, Interesting)
authority? (Score:5, Funny)
Funny, not having the authority to do it didn't stop them before...
Dive Into Mark said it best... (Score:5, Interesting)
If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and you're getting in their way.
[...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."
From Dive Into Mark [diveintomark.org] (which doesn't seem to be responding, so try Google's cache [72.14.209.104].)
WRONG! It's an ECONOMY problem. (Score:3, Insightful)
NO! SPAM is a problem of bandwidth STEALING! Spammers are using OUR bandwidth to GAIN MONEY.
Remove one of the two (our bandwidth, or their money) and we'll solve the problem.
From their Website (Score:3, Informative)
Blue Security Ceases Anti-Spam Operations
When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the CAN-SPAM Act, we could reduce the amount of spam on the Internet.
Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.
However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community.
After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.
As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.
You need not do anything as a result of this change. We will continue to protect your names and addresses and honor all privacy commitments we made to you.
We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company.
We are extremely proud to have had the chance to work with such a devoted and dedicated community: thank you for the vote of confidence you gave us over the past few months as well as the particularly vocal support you have shown over the last two weeks.
We will be innovating and building our technology in new, other directions and will continue to give back to you, our Community.
Thank you for your support,
The Blue Security Team.
Re:From their Website (Score:2)
Well, that explains it (Score:2)
This is extremely disappointing, I must say. Now that they finally got a noticeable success, world wide recognition and made lots of spammers squirm and wonder what will they do, they go and give up? Sheesh.
But ah well. The client was Open Source, wasn't it? So, who will pi
I'm probably wrong here (Score:2)
Solving the Spam Bot problem (Score:5, Insightful)
This does not seem to me to be a difficult technical problem and it is in everyone's interest to get the compromised machines off the net.
Re:Solving the Spam Bot problem (Score:4, Informative)
Re:Solving the Spam Bot problem (Score:5, Informative)
ISPs are using the blocking of outgoing smtp traffic on port 25 for this very reason. But to really shut down this problem the ISP would also have to be able to provide technical support to remove the virus, or at least something of that nature. Let alone the customer won't even think their computer is infected (how could it be, i don't download anything!!?) and the flurry of angry phone calls would ensue.
We had users at my campus that had blocked ports for a month before we were able to get in touch with them, they just thought their computer was broken. Or we get a phone call from an angry parent whose little suzy or billy can't send them email and update their facebook.
The idea is possible, but it is a nightmare in reality to have to support.
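The policy discussed in this part of the thread (customers relay mail through the ISP's servers, and hosts that speak SMTP directly to the outside get blocked or quarantined) can be checked against flow logs. The following is an added example, not code from any poster or from Privateye; the address ranges, log format and threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values (documentation address ranges), not taken from the thread.
CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}

# Constructed flow records: "<epoch> <src_ip> <dst_ip> <dst_port>"
SAMPLE_FLOWS = """\
1147900000 198.51.100.10 192.0.2.25 25
1147900003 198.51.100.11 203.0.113.5 25
1147900004 198.51.100.11 203.0.113.9 25
1147900005 198.51.100.11 203.0.113.77 25
1147900006 198.51.100.11 203.0.113.140 25
1147900010 198.51.100.12 203.0.113.5 25
1147900011 198.51.100.12 203.0.113.5 443
1147900012 198.51.100.13 192.0.2.25 587
garbage line
1147900020 203.0.113.200 198.51.100.10 25
"""


def parse_flow(line):
    """Return (src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]),
                int(parts[3]))
    except ValueError:
        return None


def direct_smtp_peers(lines):
    """Map each customer host to the non-relay hosts it contacted on port 25."""
    peers = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port = flow
        # Only outbound traffic from customers counts; mail handed to the
        # ISP relay is the permitted path and is ignored.
        if port == 25 and src in CUSTOMER_NET and dst not in ISP_RELAYS:
            peers[src].add(dst)
    return peers


def triage(lines, quarantine_threshold=3):
    """Split offenders into quarantine candidates and hosts to notify.

    A host talking to many distinct mail servers looks like a spam bot; a
    host talking to one or two is more likely a misconfigured mail client.
    """
    result = {"quarantine": [], "notify": []}
    for src, dsts in sorted(direct_smtp_peers(lines).items()):
        bucket = "quarantine" if len(dsts) >= quarantine_threshold else "notify"
        result[bucket].append(str(src))
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS.splitlines()))
```

Separating "notify" from "quarantine" addresses the support burden described above: only hosts with bot-like fan-out lose connectivity, while the rest get a message pointing them at the relay.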
Re:Solving the Spam Bot problem (Score:5, Interesting)
Privateye is a tool that our network security admin here at Middlebury College, Mike Halsall, wrote to automatically quarantine computers into a VLAN (that stays with their MAC address) that only has access to a help page, anti-virus tools, and Windows Update.
Due to the use of this and campus manager (I believe it's the software that actually manages the VLANs, could be wrong), viruses have gone from taking down the campus network several times a year, to being a non-issue. From the project page:
- Adam
Right (Score:3, Insightful)
Anymore than people want to know their 3 ton car is causing glob
Re:Solving the Spam Bot problem (Score:5, Informative)
Because it's in nobody's financial interest. A zombie computer causes most of its harm to other networks, not the one it's on.
Most of the ISPs are now large telcos and cable companies who hire support staff at would-you-like-fries-with-that wages. They don't have the capacity or the incentive to disinfect a zillion Windows boxes. It's much cheaper to buy a bigger pipe.
Of course, Microsoft owns the root problem. They sold a supposedly consumer-grade operating system that consumers can't maintain. Windows needs a dialog box that says, "Your computer has been invaded by evil fuckwads. Would you like to kick them out?" where the two choices are "Yes" and "Ok".
If they had a lobbyist... (Score:2)
Scary thought (Score:4, Interesting)
And of course, if you're in the business of breaking the law online (or rather just being generally anti-social) it's simply prudent to gather an army of computers, and then use that power to make others give into your demands. The actions of one hacker and his botnet caused an entire company to shut down operation - that's scary.
And scarier still is that the thousands of people whose computers were hammering away at the server, contributing to the victory of evil over good, are unaware of the part their machines played, and will doubtless play again.
This really is the computing equivalent of creating massive private armies with a mind-control drug - and while the email system really needs an overhaul, while the possibility to harness this kind of power exists there'll be the opportunity for extortion on this scale.
Spammers are the virtual mobsters. (Score:2)
You mess with their illegal profits - they'll mess you up. It's as plain and simple as that. They're not even hiding it anymore.
Let's just hope they'll start receiving the treatment that their real-world counterparts have received. In our lifetime.
One man can bring down the internet? (Score:3, Interesting)
I find it very hard to believe that it is this straight-forward for one individual to potentially bring down the entire internet infrastructure. The Register reported on this story and said, "Anti-spam firm Blue Security is to cease trading after deciding its escalating conflict with a renegade spammer was placing the internet as a whole in jeopardy." It went on to say, "During an ICQ conversation, PharmaMaster told Blue Security that if he can't send spam, there will be no internet."
I suppose the most concerning part of this story is the bit where bribery appears to persuade a top ISP to make some dodgy configs:
"According to Blue Security, a renegade Russian language speaking spammer known as PharmaMaster succeeded in bribing a top-tier ISP's staff member into black holing Blue Security's former IP address (194.90.8.20) at internet backbone routers. This rendered Blue's main website inaccessible outside Israel."
This story smells a bit.
We're going about this the wrong way (Score:5, Insightful)
Filtering is one way, but basing it on the raw content of the email won't work. If there was a public key repository where legitimate users placed a public key for decryption, and all legitimate email were sent encrypted with the corresponding private key, the authenticity of the email could be known. Then, if someone starts making a nuisance of themselves, they could get their public key revoked. If this method were used, filters could be made to only let through emails that decrypted with the public key of the sender.
Let's face it, spam is a fact of life. Remember that you're up against people who do this as their 9-5er with no regard for law, ethics or their public image if you want to go the force-vs-force route.
Good riddance. It never really worked anyway. (Score:3, Informative)
Spammers are the wrong enemy (Score:4, Insightful)
And underground, it'd also be helpful to DDoS the fuckers. The problem with that is that the dickhead 13 year old kids running the botnets don't care about spam.
Attack where it hurts (Score:3, Interesting)
So you have to hit the site that's been advertised by the spam. P2P has been mentioned as the "way to go" to avoid a similar fate. And the dangers of "seed poisoning". This can be circumvented. Have the clients "read" the spam folder of the participating person. Have them exchange their spam folders. Have them count the messages received. And once a critical amount of similar or identical messages have been identified, have them hold a vote who's going to get it for the next, say, 8 hours.
This all can be done without the participation of a host.
Now, of course someone could send around some spam to, say, shoot at Microsoft. How to prevent that?
Well, spam needs some time to propagate. This time can be used to update some whitelist. This whitelist, again, would have to be administered decentralized. I.e. you declare something "not spam". If enough people call spam "no spam", the attack won't happen. At the same time, run a blacklist that lets you identify something "clearly as spam", which puts more weight behind the counter.
If something has circulated for 2 days or more and is still labeled "Spam", the flood rolls in. Yes, I'm aware that quite a few spam-ad'ed servers are hijacked too. That's why the attack should not run for more than about 2 hours. Should give the admin there a good heads-up, to say the least, and take a look at his setup. Should he not wise up, the next one runs for 4, then 8, 16, 24 hours and so on.
Still needs some fleshing out, but I guess that'd be a way to run it.
Can't fight fire with fire (Score:3, Interesting)
You started the fight and you expected them to buckle but you forgot one thing. They don't care if what they do is illegal. You do.
They will keep sending their junk and if you think they will ever stop you are naive. You can't stop them from doing it. You have to accept that first and then come up with a method that will just make it harder for them to get their junk out.
Never signed up for this (Score:3, Insightful)
This really demonstrates the need for a distributed version. Not only is the centralised architecture easy to attack, as we saw with BS vs PM, but also it's at the mercy of its operators. A living breathing antispam system was in place, with many willing users, but had to be shut down because the tiny head at the top of the body wanted out. If it was less monolithic, head shots wouldn't even exist.
Tie that in with my other idea [slashdot.org], and maybe there's a good method in there somewhere.
LET'S CONTINUE THE FIGHT (pls read) (Score:4, Interesting)
Anyway, this clearly gives us one choice: Decentralizing Blue Frog.
The concept has been proven. Flooding the servers with opt-out requests.
So I propose this: Make a decentralized "black frog" which directly analyses the e-mails and begins doing what Blue Frog did. But this time, it's per-user.
If anyone wants to start the Black Frog project, give me a message (my gmail address is posted in my account).
The concept is this. Instead of asking the spammers to download the "do not intrude" list, hash your own mails using the following formula:
hash = substr(SHA1(e-mail),32). And in the post tell the spammer to remove this hash from their mailing list. (We can include random hashes to make it blurry).
If anyone wants to start the project, I'd be happy to organize it.
We need:
* At least one person with access to the Blue Frog sourcecode, or someone who has helped in programming the Blue Frog
* Lots of programmers
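The hashed opt-out described in the post above can be sketched as follows. This is an added example, not code from the poster or from Blue Frog: it reads `substr(SHA1(e-mail),32)` as "hex digest from offset 32 onward" (the last 8 of 40 hex characters), and the address normalization, function names and sample addresses are assumptions.

```python
import hashlib
import secrets

HEX_OFFSET = 32               # assumption: substr(s, 32) means "from offset 32"
HASH_WIDTH = 40 - HEX_OFFSET  # 8 hex characters = 32 bits survive truncation


def optout_hash(email):
    """Truncated SHA-1 of an address, following the formula in the post."""
    normalized = email.strip().lower()  # assumption: normalize before hashing
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest()[HEX_OFFSET:]


def build_optout_list(own_addresses, decoys=0):
    """Hashes of the user's own addresses plus random decoys ("blurry")."""
    published = {optout_hash(a) for a in own_addresses}
    target = len(published) + decoys
    while len(published) < target:
        # A decoy has the same shape as a real entry, so a reader of the
        # list cannot tell which entries correspond to real mailboxes.
        published.add(secrets.token_hex(HASH_WIDTH // 2))
    return published


def scrub(mailing_list, published):
    """What a complying sender does: drop every address whose hash is listed."""
    kept, removed = [], []
    for addr in mailing_list:
        (removed if optout_hash(addr) in published else kept).append(addr)
    return kept, removed


def collateral_rate(published_count):
    """Chance that an unrelated address is dropped by a list of this size.

    With only 32 bits kept, every published entry (real or decoy) also
    matches roughly one in 2**32 of all other addresses.
    """
    return published_count / 2 ** (4 * HASH_WIDTH)


if __name__ == "__main__":
    mine = ["me@example.org", "Me.Work@Example.com "]        # constructed
    their_list = ["me@example.org", "me.work@example.com",
                  "someone@example.net"]                     # constructed
    published = build_optout_list(mine, decoys=5)
    print(sorted(published))
    print(scrub(their_list, published))
    print(collateral_rate(10_000_000))
```

The truncation and the decoys trade accuracy for privacy: the more entries are published, the more unrelated addresses a complying sender drops as well, which `collateral_rate` quantifies.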
Writers class 101: Define before use (Score:4, Insightful)
What kind of thing? What kind of effective method has been found to do, what exactly? What is "this" concept we are talking about?
I read this site (almost) daily but have never ever heard of this company before. As it is apparently some kind of small startup, I'd imagine many others around here have never heard of them, either.
Without any context, this "article" is pure gibberish. Maybe it makes sense after reading the linked article (which, I'll admit in good
Re:Third Choice? (Score:2, Funny)
Sigh! Or why spam is unacceptable (Score:5, Insightful)
Fine, I'm happy for you. You obviously don't own an active domain, or a business. Because otherwise I could guarantee that it gets to be a problem for you.
But the problem is not you, it's not me, it's not my little kid sister's dog.
The problem is that a couple of hundred big time spammers are getting rich by shitting into the communal water supply!
If you think that's acceptable within a society then you will apologise that I have no respect for you and the likes of you.
Re:Sigh! Or why spam is unacceptable (Score:5, Interesting)
I do both (well, I work for a guy who owns a business), but neither my home account nor my coworkers' inboxes get nontrivial amounts of spam. I've written instructions on how I did it [freesoftwaremagazine.com], and if you follow them, you can probably get rid of your spam problem as well.
It's not easy if you're J. Random Enduser, but any qualified system administrator should be able to take the steps needed to win back control of his servers. You can choose to do this - with today's software - if you're willing to exert a modest amount of effort.
Re:Sigh! Or why spam is unacceptable (Score:3, Interesting)
I find the whole spam thing quite fascinating.
Firstly, I'm fascinated by where the money comes from. It's taken as axiomatic that spammers get rich because they're paid by unspecified end customers. But all the spam I've seen is for hopeless, obvious scams: are the perpetrators of such scams making so much money they can afford to pay top dollar to spam stupid people? Perhaps they ca
Re:Sigh! Or why spam is unacceptable (Score:3, Insightful)
Re:Email is broken (Score:4, Insightful)
If you do that sort of thing enough, you will be tracked down and (if caught) prosecuted.
The same apparently cannot be said of spammers - or at least, not the ones that pick on individuals. I imagine that the story would be different if they chose to forge addresses from amazon, google, microsoft, etc.
Re:Email is broken (Score:5, Insightful)
Interesting metaphor. Fact is that public waters tend to be full of shit, and there's nothing we can do about it. Reservoirs are routinely colonized by fish, waterfowl and aquatic arthropods, which eat the plants and each other and shit out the waste. Water supplies can only minimize this; they can't prevent it. So, rather than fighting a hopeless battle and delivering contaminated water, they accept the situation. They try to keep the reservoir somewhat clean, but they also filter and sterilize the water while delivering it.
It's likely that the same situation with email is permanent. Attacks can cut down somewhat on spammers, but like the insect larvae in the reservoirs, there will always be spammers in the internet. Delivering clean email will require filtering and decontamination software. We already have lots of it in place, and it's likely that we will always need it.
There will always be hucksters and scammers out there trying to separate us from our money.
Re:Third Choice? (Score:5, Insightful)
Re:Third Choice? (Score:4, Interesting)
If I got spam from someone, I sent them an e-mail asking them to stop. When I got another one from them, I sent two. Then three, four, and so on. I made liberal use of free e-mail so they couldn't filter out my addresses, and eventually spammed one guy with 98 e-mails before he relented.
Multiply that by 500,000 users and you'd get one nasty spam attack. That's what these guys deserve: to get one e-mail for every e-mail they've sent to each address. Tens of millions of e-mails flooding their inboxes.
Re:Third Choice? (Score:3, Insightful)
Re:Third Choice? (Score:5, Funny)
Re:Third Choice? (Score:5, Informative)
but anyone who's still getting spam in their inbox should install some nice filtering software.
That's not the point. If you run your own mail server or rely on filtering at your client end the spam uses up your bandwidth, your storage, your CPU resources to filter it, etc. Spammers like to use zombie machines around the net. Their operations cost them very little as they steal the capability from everyone else.
Re:Third Choice? (Score:5, Insightful)
I have a catch-all email address set up on my domain - so $anything@$mydomain gets to me.
For years, I used to get a very small amount of spam to addresses like info@, sales@, etc, and a throwaway account I used on a website that I never used for any real mails.
Then, a few months ago, some scum-sucking shit-brained low-life motherfucker* decided to use my domain name in forged From: addresses.
(* But I'm not bitter)
I now receive on the order of a thousand spams, bounces and assorted related crap per day. Now, of these, only a tiny handful make it to my inbox, and they're all easy to spot. I've not done the stats, but I'd imagine that Thunderbird's filtering is 99% accurate or better.
It's still a pain in the arse though, and it's still utterly unacceptable behaviour on the part of the morons responsible.
I don't necessarily think that vigilantism is the answer, but something has to be done.
(Yes, I could switch off the catch-all addressing, but I actually find it useful, inconsiderate wankers trying to ruin the entire net for everyone notwithstanding)
Re:Third Choice? (Score:5, Insightful)
Why not? It obviously is. Nothing else is working. Once a few spammers have died horrible deaths, or have been mutilated, tortured, branded and hung out in the marketplace covered in honey with a big ant colony nearby, there just might be a reduction of spam.
Spamhaus knows the top 200 or so spammers, many with addresses. $1 from everyone who hates spam and there's a pretty good bounty, and it is cheaper than installing new filters all the time.
Re:Third Choice? (Score:3, Insightful)
We have been mistaken for spammers once, and it's not nice, we were blacklisted for 3 days before we convinced the blacklisters that we were a legitimate business, during that time our sales people had a hard time (and no we don't send newsletters or nothing of the kind, just business email).
Being DOS'd or some of the scarier options propose
Re:Third Choice? (Score:3, Interesting)
been hit by a phonebook attack yet? (Score:3, Interesting)
Re:Third Choice? (Score:3, Funny)
Yeah, yeah...but how much money did you make?
Re:Can I just say... (Score:3, Interesting)
Well, sure - it's an escalation, there's no doubt about that... but I'm game anyway, and I bet a lot of other people are too. Here's the thing:
Blue users are generally security-conscious. They probably use various antivirus technologies already, and can spot social-engineering techniques a mile away. Most ISPs and webmail providers provide automatic virus scanning anyway, and some ISPs provide a free copy of AV software. So there would be many Blue users who would be confident of weathering a storm of v
Re:How? (Score:4, Informative)
I understand the idea was to SPAM the Spammers.
But who exactly did they spam? The spoofed addresses? The owner of the original IP?
In the USA there is legislation that attempts to legitimise sending of unsolicited commercial email. This is the Can-Spam [wikipedia.org] act and says among other things that if you want to send such, you must provide an opt-out method for people who don't want to receive it.
Obviously this only applies to US businesses who want to send junk emails, but there are plenty of those - and they think that because they follow the rules and provide an opt-out that it's legitimate business.
Now, these companies contact or are contacted by somebody who is willing to send out bulk emails on their behalf for a fee. Often this turns out to be a scumbag bot operator in another country and as such is not subject to the US rules. These guys are beyond any law except the law of supply and demand.
What the Blue Frog people did was set up a system where you could forward junk mails to them, and they would discover the originating business and automatically fill out an opt-out request for you. This costs the US companies who are trying to run a business time and money to process and makes it less attractive for them to pay the spam kings to send the bulk mail and thus reduces demand.
Less demand is less money for the spam king and one or more (I would not be surprised to find a cartel) decided to attack Blue Frog.