Spammers on the Run
ericald writes "An interesting update from Blue Security, the group that introduces the Blue Frog initiative to fight spam, claims that during the past few days at least one spammer had frequently deleted domains he owned as a result of their system. In another update in their blog they report they have already recruited over 21,000 users. It's about time spammers start feeling the heat! I'm just surprised they show results so soon."
Spammers must realize by now they run an awful risk by having their true identities tracked down and then posted for punishment. It won't be long until search engines (Google, Yahoo, etc.) start compiling results for them such as, "Mr/ Mrs X Illegally spammed millions of people." Employers certainly will rethink hiring someone with such tainted credentials. It just isn't worth it nowadays to harass people with unwanted/ unwarranted emails. This is a resounding wake-up call for these cretins to rethink their ill-fated profession.
"Simplify, simplify, simplify!" Thoreau
...Unless of course Blue Security would like a list of the spammers who are filling my email, then perhaps I will change my opinion ;)
do.what.promptcmds
I'm confused. What does this Blue Frog initiative do that's so magical to get rid of spammers? "Look we're getting rid of spammers"... Well HOW?
It's great and all, yes? But what are they doing?
snowulf.com
I'm amazed at Blue Security's success. They've gotten a few spammers to shut down a few domains.
The odd thing is, I'm still receiving as much spam as I've always received. No matter how many tens of thousands of users they sign up for this process, I fear this is going to be a very small drop in a very large bucket.
I'm a big tall mofo.
:( that was awfully quick. anyone manage to get a mirrordot of it?
For those that don't know what Blue Security does, see this thread.
Basically, they DDOS spammers websites in hopes that they will shut them down.
If I understand this correctly these guys are exposing the identities of spammers including how many people they exposed to their unwanted messages? That's an interesting approach, but might get thrown down in U.S. courts due to privacy regulations. Hey, don't kill the messenger ;-) I just know how the legal system works over here and I'm sure these guys will not roll over and head for the hills. My bet is that they'll pay some high class lawyers to keep their identity from being released. HOWEVER, with that said - IF the identities would be posted incognito, then there's nobody to sue, right? ;-)
Sorry if I'm offroading here - maybe I misunderstood the post (it's leaving out a bit of detail, you know...)
I liked the mention of the domain registrar taking up a zero-tolerance policy after the spammer shut down their domain. I'm starting to think that with more people around the world getting online, more people around the world are getting sick of spam. This could help us eliminate some of those off-shore servers that spammers love to hide behind.
;)
Give everyone in the world email for a week and then see all the government action we desperately crave
Perfecting Discordia
www.stevenvansickle.com
It's lubricated!
But I guess it may work in some cases. I bet these guys making headlines for getting retaliated against sometime soon.
For some reason I refuse to use either spell check or the spacebar properly.
An interesting article over at TechNewsWorld about how Blue Frog is not what we need in the battle against spam. "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal."
do.what.promptcmds
Blue Security
asdlkjfea.com, alsfajega.com, aksdfaewl.com, hkassautdn.com, egmymaridjk.com, lhperdixnd.com, clthriftbf.com, bibiae.com, romisingfeasibility.com, betheuplift.com, fundamentalstojoy.com, dealandvaluematch.com, valueandassets.com, oursuperbiz.com, and best of them: truthfoundhere.com
maybe spamfoundhere.com?
Sue/fine/arrest/jail spammers? They'll move abroad where we can't find them.
Get a legal framework that will be enforced in all the countries connected to the Internet? Good fscking luck.
I just hit the "join beta" link and didn't fill out the form, on the page you signup I see:
System Requirement
Windows 2000/2003/XP
Ok so I'm out, last windows I read email on was Win95 or maybe Win98, some bullshit virus or another screwed me over, I ain't "done email" on Windows of any type since. Oddly enough, I haven't had any viruses, spyware, adware, or malware since then either.
So while I applaud efforts to reduce spam, efforts that require Windows seem silly at best and are efforts I can't join in on. Even my wife no longer reads email on Windows, the last time her Windows PC slowed to a crawl due to spyware instead of spending 3 or 4 hours googling for the latest cleaners and finding out what new and not at all entertaining spyware she had, I said "fuck this" gave her my new and as yet unpacked Mac Mini and she hasn't had any spyware problems since. Ripped her PC apart and installed Linux on it to replace my laptop as my main "work" pc.
--- www.f-theocean.com
Whot about the bloke in Russia who got 'blown away' with a gun for excess spamming?
An interesting update from Spammers-R-Us, Inc [...] In another update in their blog, they report they have already gotten over 21,000 Slashdotters to hit the Blue Frog site. It's about time spamfighters started feeling the heat! I'm just surprised they show the results within 20 posts on the thread!
- with apologies to the original article poster :)
Let's be sure to give proper credit to Congress and their ultra-effective CANSPAM act.
I'm sure all the Chinese, Polish, and Russian spammers are shaking in their boots. For them, there will never be a solution other than IP block banning and similar measures. If you have the time and energy to waste on "dealing" with this group, more power to you, but I'm done even thinking about them.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
You would only get a decrease in spam if you've signed up for the blue security do-not-email registry.
I'm sure it has little/no effect yet, but if the community becomes large enough, spammers might decide that it's not worth the hassle to email blue security community. In which case they will run their lists against the do-not-email. That is the idea anyway.
I don't know how many members this would take - or if the spammers will figure out some way to filter the responses first.
TODO: come up with a clever sig
Hey, we have to start someplace.
And I really like their approach better than that of SPEWS.org and others like it who take the lazy route and just block a Class C worth of IP's at a shot. They think that by ignoring it, it will go away. Never mind that a lot of innocent domains and users get caught up in their net.
I applaud Blue Security's efforts and wish them all the luck in the world in the efforts.
I propose the Blue Steel program where spammers are hunted down like animals. Sponsored by Colt. Successful hunters will be allowed to mount the heads on their walls.
Norman: If you always lie, and you are lying to me now, you must be telling the truth. But if you are telling the truth, you must be lying to me.....
Fight Spammers!
If even .1% of spam victims sued Snotty for the spam that he sent, he would be out of money.
One large spam suit usually does not take out a spammer, but 1000 or 10,000 smaller suits will.
Fight Spammers!
As a spammer, I can honestly say that this is just a small victory. For every attempt you make to squelch us, we will always find another way to reach our audience. If the truth be told, there are far more people who are responsive to spam than there are people who dislike it. The sales figures for the businesses we serve prove this. But no matter, you can be happy in your small victory for today. The truth of the matter is that what these supposed security experts are doing is disrupting important commerce. This is a crime in any civilized nation and it will not go unpunished. Additionally, we have operatives around the world who will go to any length to preserve their employer. It is only a matter of time before the criminals behind these disruptions in our services are brought to justice. Always remember this. We live in a god eat dog world. We will always be the bigger dog. Never forget that you puny little fuckers.
of Spam, I would send email
for competitors.
More people will hire
me - my competition is
DOSed to death!
Slashdot, the greatest server destroyer known to man
IMHO, sender pays (ala hash-cash or something like it) is the only way to make a meaningful dent in the spam problem. I know this fails one or two of the "reasons" on that list as to why it won't work, but doing nothing also doesn't work. Why don't Free programs implement this so people at least have the option of using it? I'd actually prefer a problem that can scale much larger - like taking a minute or even an hour on today's computers - so it will still be viable in the future. Yes, there are issues (like mailing lists) with this approach, but there are ways around those too. People have to be willing to do SOMETHING. If someone doesn't do something, someone else (think MS) will. Then we'll have a proprietary "standard" for dealing with it. You folks maintaining the software just have to get some nads and take a little initiative on this. If you wait for some company to devise a solution, they aren't going to just give it to you.
is the root of the problem and you are right it won't work in the long run. I say the IT industry should stop spam fighting, and start punishing the people who respond - hey it worked for the War on Drugs, um, nevermind. V0
We have a blog post to PR a "spam-catcher" - how is this different from spam, which is an unpaid commercial advertisement?
I'm just saying it's not news per se, nor is it really tech per se.
sigh.
-- Tigger warning: This post may contain tiggers! --
smtpd_sender_restrictions = reject_unknown_address
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    permit
We are also using SpamAssassin / razor / clamav using amavisd-new. The main mail account used for everything from clients webmaster@ mail to contact@ are getting numerous spam daily, yet only three or perhaps four a month get delivered... and those are added to our body_checks.txt which is publicly available for download by anyone, including spammers who I have a feeling makes spammers think twice and clean us off their list when they find themselves listed there using search engines etc.
9/11: Never forget it was a false-flag operation
The net always claimed to be self regulating.
A large organised effort to police things is surely self-regulation and not vigilantism.
What are the other options, let Governments pass laws against stuff ?
Well they just include all sorts of super shutdown and wiretap powers.
So c'mon buy those Vigilantes a beer.
P.S. I am posting Anon to avoid antivigilanty vigilany actions, er or something...
Obligatory CUBE Reference: "Ass-tro-nomical" ;P
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
> We live in a god eat dog world. We will always be the bigger dog.
So... if I understand your spammer religion correctly, you will spend your afterlife as a particularly large and tasty snack for God?
Man, you guys are crazier than I thought.
You will eventually go to jail. Then we will send your cellmate, Bubba, penis enlargement pills, cialis softabs, penis enlargement patches, and SPUR-M, just for his enjoyment.
Spammers could care less about the responses they get to their emails that are junk.
If 1 in a million buys something - it is worth it for them. Even if you do succeed in DDOSing one spammer out of action - it is only temporary. The spammer will simply buy a new domain.
If people really wanted to stop spam, they would complain about / to the companies that advertise in such a way. No company wants to be associated with spam. Sending thousands of emails to the company would be much more effective, especially if they sent them to customer support addresses and such where it is hard to filter out emails.
As long as businesses feel that spamming is a viable advertising option - spammers will exist.
There is always a frontier where there is an open and willing mind
How's the quote go? "Capitalism is terrible, but beats the alternatives"?
So we should ignore the fact that all previous solutions have failed, and users have become completely complacent with the advent of spam filtering software? (currently, antispam software is a spammer's best dream; he/she doesn't irritate the users who care enough about spam to do something about it; either install software, or switch to a different ISP, etc.) Should we ignore that ISPs/MHP's don't care? That backbone companies gleefully watch the bucks roll in from traffic from spam?(would YOU say goodbye to 1/3rd of your revenue stream?).
The internet is very much like the Wild West. It's a brave new frontier, the government doesn't have the ability to maintain order, and so on. In a vacuum, someone's going to step up to the plate to maintain order. Thus far it's been spammers.
I've heard claims that vigilantes will endanger legitimate businesses. That's just too bad. If you can't play baseball because Mommy took away your baseball bat- well, maybe you shouldn't have gone around smacking people on the head with it. At every opportunity the commercial world has failed to regulate itself (example- HP could chase after the spammers offering HP toner cartridges. Drug companies could chase after spammers offering viagra. Do they? Only with a token effort.)
I think commercial interests have had plenty of free run with "the whole internet thing"; we've seen a huge boom and collapse because they made false promises and lied through their teeth, and now they're running what is left into the ground via spam. People are finally realizing "fight back" is the best way.
If a few eggs get broken to make the omelette, so fuckin' be it. It's time to remind businesses that the internet is for everyone, and not in the "rape, pillage, and burn" sense.
Please help metamoderate.
Just as a proof of concept, would somebody please start sending out millions of "fake" spam messages, all with links to every one of SCO's web pages? Thanks!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
If you'll always be the "bigger dog" does that mean that the god who eats you will be better fed by doing so? What exactly is your point?
Remove their domains. If a domain receives x complaints in y days have their domain suspended. I mean this from a domain angle rather than a hosting/ISP angle: have the domain registrars/DNS's drop them.
Wouldn't it be a shame if the program "accidentally" got into a loop and sent 21000 complaints per 1 spam. That would be so sad. I "hope" it never "accidentally" happens.
So how about picking a real solution then?
/.
:)
Sender pays won't work, if there are any loop holes allowing some users to send free of cost the spammers will find a way to use the loop hole. (to say nothing of the exemption that would be applied to goverment offices and congress critters, charities etc.) Imposing such fees would end the Internet as a relatively efficient means to exchange ideas and information.
DDOSing the web sites that sell the crap pushed in spam while somewhat satisfying is as you point out not a final solution to the problem.
Over the last year or two of this topic being brought up time and again there have been several very effective solutions proposed here on
First get all the ISPs to block port 25 except for their email servers. Allow users to request port 25 be opened for their address if they want to run an email server. This will eliminate virtually all of the spam bots that exist out there on all those compromised Windows systems. But still allow end users the ability to setup their own email server if they want to.
It is important to note that the ISPs must have a process in place to allow users to setup and run their own email servers. If spamming from such users is detected the ISP kills the account and bars that user from using that ISP (or possibly any ISP) ever again.
Second, send a spam out to all users. Those that actually click on the enclosed link get identified, their Internet access is revoked for life, and their computers are confiscated and turned over to schools. This will make a dent in the spammers pocket books, no customers = no money. This would have to repeated a few times a year to catch any new users. This works two ways, it immediately impacts the spammers cash flow and scares users into not reading or opening any email that did not come from a trusted source.
Hit them in the pocket book and the spammers will go away. That is the only reason they do it.
In the mean time you can implement greylisting which blocks virtually all of the spam bot generated spam out there. Again, this is something the ISPs should implement on their email servers. So this can be done now while we get the laws in place to allow people to be banned from the Internet.
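The greylisting mentioned in the comment above, as an added example that is not part of the thread: a server temporarily rejects the first delivery attempt for an unseen (client IP, sender, recipient) triplet and accepts a later retry, which a queueing mail server performs and a fire-and-forget sender does not. The timing constants, addresses and event list are assumptions constructed for illustration.

```python
"""Triplet greylisting decision logic (added illustration, not code from the thread)."""

MIN_DELAY = 300             # assumed: seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600     # assumed: a retry later than this starts the clock again
PASS_LIFETIME = 35 * 86400  # assumed: how long a proven triplet stays accepted


class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time of first temporary rejection
        self.passed = {}   # triplet -> time of last accepted delivery

    def decide(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply code for one RCPT TO: 250 accept, 450 try again later."""
        key = (client_ip, sender.lower(), rcpt.lower())

        last_ok = self.passed.get(key)
        if last_ok is not None:
            if now - last_ok <= PASS_LIFETIME:
                self.passed[key] = now      # refresh on every accepted delivery
                return 250
            del self.passed[key]            # entry aged out, prove yourself again

        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now         # first sighting, or retry came far too late
            return 450
        if now - first < MIN_DELAY:
            return 450                      # hammering immediately does not help
        del self.pending[key]
        self.passed[key] = now              # retried like a real MTA
        return 250


# Constructed sample traffic: (time in seconds, client IP, envelope sender, recipient).
SAMPLE = [
    (0,     "203.0.113.7",   "offers@bulk.example", "user@example.org"),  # bot, first try
    (0,     "198.51.100.25", "list@lists.example",  "user@example.org"),  # MTA, first try
    (5,     "203.0.113.7",   "offers@bulk.example", "user@example.org"),  # bot resends at once
    (10,    "203.0.113.7",   "deals@bulk.example",  "user@example.org"),  # bot forges new sender
    (900,   "198.51.100.25", "list@lists.example",  "user@example.org"),  # MTA queue retry
    (86400, "198.51.100.25", "List@lists.example",  "user@example.org"),  # next day's mail
    (86400, "203.0.113.7",   "offers@bulk.example", "user@example.org"),  # bot, a day later
]


def replay(events):
    """Run events through a fresh greylist and return the reply code for each."""
    gl = Greylist()
    return [gl.decide(ip, sender, rcpt, t) for t, ip, sender, rcpt in events]


if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE)):
        print(code, event)
```

A sender that does queue and retry passes this check after the delay, so greylisting only filters senders that never come back.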
Blue Frog is effective because it consumes spammer's resources -- it raises the costs of being a spammer. Spam filtering does not reduce spammer's profits in that the same people that filter spam were never likely to visit the spam site and purchase. Filtering doesn't change spammer's revenues or costs.
In contrast, a bot that visits a spammer's site consumes the spammer's valuable resources in far greater amounts than is consumed by the original spam e-mail (spam emails often being under 10kB and sent via low-cost zombies vs. 50kB or 100kB for most web pages being hosted on the spammer's e-commerce site).
Two wrongs don't make a right, but three lefts do.
Slashdot linked to the bluesecurity page.
Their server is now growing unresponsive.
Thanks, slashdot. You just benched a test
DDoS for the spammers. They now have idea
of what kind of bandwidth and how effective
certain DDoS attacks are. (I.e., we know now
that their apache is not using a mod for
ddos survival, and this means Layer 7 is
better than L4 ddosing.) Good work, slashdot.
There is no DDOS about it. There is no flooding of their e-mail or web site. Simply a single reply for the email someone received. The volume aspect is simply an artifact of the spammer e-mailing large quantities of people that have Blue Security send a complaint on their behalf.
1 spam = 1 complaint
Platform advocacy is like choosing a favorite severely developmentally disabled child.
http://www.bluesecurity.com/
Personally, I am all for it.
Run, Forrest, Run!!
so i Genetically engineer some rabbits or give little rabbits plutonium.. then send them out in the night to mangle and deform the spammers in their houses, in front of their computers.. wherever they reside.. Night Of The Lepus anyone?? oops wait a minute, that might be copyright infringement on the blue bunny ice cream..
See my sig!
Actually, since I started using my sig, I've called these particular junk faxers back to see if they're feeling the heat, and one exasperated woman told me that they were! Keep up the good work Slashdotters! If we do the same thing to spammers (using something like SpamVampire), we will eventually have the same effect of hitting them where it hurts: their wallets.
Come on. If I can steal your identity and borrow money in your name, how hard can it be to spam in your name?
Well, if you could steal someone's identity, you'd be likely to be doing more than just creating spam accounts.
Spamming is quasi-legal in a sense because they don't have entire government departments devoted to hunting and prosecuting spammers (yes it's illegal in quite a few places, but usually it's ISP's that do the suing not the government).
Identity theft is highly illegal and is pursued by the Post Inspectors General (the Law Branch of the US Postal Service).
With that thinking, a spammer looking to keep a low profile would more likely keep "legit" as far as billing goes and not use other people's credit cards.
Although doesn't mean it doesn't happen since spammers may not think about this problem and may be living off other's credit card anyways.
Be nice if there was a government agency that was totally devoted to fighting spam.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Of course I'm sure you don't find it at all ironic that you include spam in your very own signature line, do you?
feh.
Ian Ameline
It can also be used against people whose identity may be used to spam out. The ones who have the capacity for mischief are also capable of making things worse for unsuspecting dudes. So go whack a spammer but make sure that he/she really did it!
Java Oracle Linux Enthusiast
Have a program recreate an image using hotlinked images downloaded from spammer sites, reduced to 1x1 images.
Sure, it will take 20 minutes for an image to show, but think of the fun! Mosaic time!
Wait, was that already done?
No offence, but to whoever posted this article, you should really work on your grammar, or take a minute to re-read what you wrote. I've read it 3 times already and still can't understand what you're saying... Other friends also agree.
Side question, how does Blue Frog respond to spoofed return addresses? Do they try to ascertain the correct 'sent' address instead of the 'reply' address? Has anyone complained of being flooded with replies from Blue Frog when it really was not their fault?
It's becoming ridiculous
I know SPAM is a huge problem worldwide. However I don't get why people don't learn from their mistakes. In the late 90's I used to have tons of SPAM arriving in my inbox. Since then I now keep three email addresses; one for personal contact, one for doing online transactions and one for filling out online forms (like contests & website registration). Since then I have had no SPAM in my 2 main accounts and very little (cause I'm very picky about the places I register) in the account I do give out the address to. I'm glad that there are businesses and government efforts to combat SPAM but some of the responsibility can still be laid on the shoulders of the fools who continue to give out their address to every iPod giveaway website they see. Come on people, wise up. Help these do-gooders help you!
Don't ya hate it when the correct spelling of your favorite screen name is taken?
What we should do here at Slashdot is have a section where new and old spammers' domains are listed daily so the entire Slashdot community can send an email to their domain with a large attachment and kill their bandwidth. I'm sure the spammers' ISP/Hosting company would love that.
Kickass Cheap Web Hosting
Spammers change domains the way normal people change underwear. The fact that within a few days of Blue Security sending their malicious complaints to a spammer's website (which is set up on a throw-away account at a Chinese ISP, registered through a reseller for one of the minor registrars, who will, in three days, cancel the domain registration ANYWAY), is not evidence of ANYTHING.
Correlation is not causation!
Spammers have been rotating through domain names for years now. You can watch it on a week-by-week basis, as a whole series of domains with the same nameservers takes responses for the same spam months on end. Even when the spammers change nameservice, they tend to do it in predictable ways.
In one week's time Blue Security has managed to slightly ruffle the feathers of a total of THREE distinct spam operations. Big whoop.
http://www.bluesecurity.com/solutions/overview.asp
"Spammers are required to download Blue Security's Registry Compliance Tools to clean their mailing lists from e-mail addresses appearing in the Registry."
"The Registry is enforced by the Blue Community and uses Blue Security's Active Deterrence, a patent-pending technology that disrupts the business of merchants, advertisers and spammers who choose to ignore the Do Not Intrude Registry."
Well, PATENTED idea? - no, thank you then. I thought it was a community effort, based on free ideas and standards. Isn't it like paying for "protection" to your neighbourhood bully after all?
He'll probably notice the slowdown, or his ISP will, and this will provide a huge incentive to get his machine fixed. If your box is hacked and the *worst* thing that happens to you is that you get DDOSed, you should consider yourself extremely lucky, and should be happy you were warned that something was amiss, even if the result was pretty painful.
Mailing list servers would be heavily burdened sending a lot of email, but there are ways around that. These things would require a little effort to implement, but then it would be done and over with. My personal preference would be to issue a (randomly generated) factoring problem for each email received. Since you have to subscribe to a mailing list (effort) you could do the following:
1) tell your mail server to always issue the same problem to mail from that address.
2) give the list server the problem and answer upon subscription - no work for them to actually do to send to you.
3) make it an extra hard problem so people forging email from the list server get an infeasibly hard problem and choke on it. It has to be that hard or they could expend the effort to solve it once and then spam away.
I think hashcash works differently and doesn't require any extra interactions - like issuing the problem to be solved (I thought it was dependent on the email content). But their solution is available for implementation today.
The point is that CPU time costs money, and that most people have a mostly idle CPU. A spammer wanting to send millions of emails couldn't handle the load, but your friends wouldn't mind. What about businesses like Amazon? While spending 30 CPU seconds to send an email (order confirmation for example) is a burden, it's nothing compared to the total transaction dollar amount. Go ahead, charge me an extra nickel for that book order. Yes, I'm likely to raise my cost to a level that takes that long to compute - until my spam reaches a very low level. People I get email from generally won't mind - especially if their email software can do it in the background after they hit send.
Zombie networks would help the spammers, but when the Zombies start eating all their CPU sending mail (instead of all their network bandwidth) people will do something about it. Zombies are a different problem and "sender pays" may actually bring about its solution.
I really dislike white/black-lists and central authorities. They have their own associated problems. Sender pays doesn't require anything like that. It only requires a standard to be adopted and implemented in mail servers and client software.
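Hashcash, which the comment above brings up, is non-interactive: the sender mints a stamp bound to the recipient address and the date (not to the message content), and the receiver checks it with a single SHA-1. The following is an added example, not part of the thread or of the hashcash reference code; it follows the version 1 stamp layout, writes the counter in hex for simplicity, and uses constructed addresses and a low 12-bit cost so it runs quickly.

```python
"""Minting and checking a hashcash v1-style stamp (added illustration)."""
import base64
import hashlib
import os
from datetime import date, datetime, timedelta
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(resource: str, bits: int, today: date) -> str:
    """Sender side: search for a counter so SHA-1(stamp) starts with `bits` zero bits.

    Stamp layout: ver:bits:date:resource:ext:rand:counter (ext left empty here).
    Expected work doubles with every extra bit.
    """
    rand = base64.b64encode(os.urandom(12)).decode()  # salt, makes each stamp unique
    prefix = f"1:{bits}:{today:%y%m%d}:{resource}::{rand}:"
    for counter in count():
        stamp = prefix + format(counter, "x")
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp: str, recipient: str, min_bits: int, today: date,
           spent: set, max_age_days: int = 28) -> str:
    """Receiver side: one hash plus bookkeeping. Returns "ok" or the reason for refusal."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or not fields[1].isdigit():
        return "malformed"
    claimed = int(fields[1])
    if claimed < min_bits:
        return "too cheap"            # sender did less work than this mailbox demands
    if fields[3] != recipient:
        return "wrong recipient"      # a stamp minted for someone else is worthless here
    try:
        minted = datetime.strptime(fields[2], "%y%m%d").date()
    except ValueError:
        return "malformed"
    if abs((today - minted).days) > max_age_days:
        return "expired"              # bounds how long the spent-stamp set must be kept
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < claimed:
        return "no proof of work"
    if stamp in spent:
        return "double spend"         # one stamp pays for one message only
    spent.add(stamp)
    return "ok"


if __name__ == "__main__":
    day = date(2006, 5, 2)            # constructed date
    seen = set()
    s = mint("alice@example.org", 12, day)
    print(s)
    print(verify(s, "alice@example.org", 12, day, seen))   # ok
    print(verify(s, "alice@example.org", 12, day, seen))   # double spend
    print(verify(s, "bob@example.org", 12, day, set()))    # wrong recipient
    print(verify(s, "alice@example.org", 12, day + timedelta(days=60), set()))  # expired
```

Because the stamp names the recipient, a sender pays once per recipient per message, which is where the cost asymmetry between a bulk mailer and an ordinary correspondent comes from.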
But, if 1000 separate plaintiffs file 1000 different suits, but trade documents, it will be simpler for the plaintiff, but a much bigger head ache for the spammer. And many of the spams permit attorney fees.
Fight Spammers!
Now that spammers are the underdog and under threat from The Man, here rides the loony left cavalry to the rescue - red Che Guevara underpants on their heads. Corporations are denying jobs to the spammers! Revolution, comrades!
I laugh.
I'm glad that Crazy Frog Initiative was good for more than just a ringtone. Goodbye spammers! I hear the Crunchy Frog Initiative will be even more ambitious.
Oh wait...
That /. story, as typical for so many /. stories, was either in error or intentionally inflammatory in calling it "DDOS". Blue Security does not DDOS spammers. They simply flood the spammer's inbox with requests to unsubscribe, thereby making sorting through all those unwanted emails to find the profitable ones from legitimate suckers into an unprofitable task. Again, they do not overwhelm servers by sucking up their bandwidth, they only fill the spammers' email inboxes with legitimate email spam list removal requests.
If a job's not worth doing, it's not worth doing right.
Be nice if there was a government agency that was totally devoted to fighting spam.
It would be nice if there was a government agency totally devoted to fighting mosquitos and another one totally devoted to giving me money. We already have an entire branch of government that should be devoted to protecting us from spam, and it is called the legislative branch (Congress for short). Unfortunately, they allowed themselves to be bought off by a number of mass-mailers that include Microsoft with the totally toothless CAN-SPAM act of 2003.
The act basically allows any company to email you as long as there is an opt-out provision. That opt-out may even include you sending a snail-mail letter and paying the postage. Or, if the opt-out link only works between 3:00 AM and 3:01 AM, that is also okay. If it takes two hours to work your way through the opt-out process or multiple replies, that is also okay. We have the best government that money can buy.
yeah right
no sig, but i clicked the link to your HP
Free Porn. Period.
Congratulations! You've found the largest free porn site on the web!
So, sit back. Relax. Enjoy. Look around. And most importantly, remember to bookmark us.
We've got more new free porn for you constantly and it's updated instantly, 24/7!
ARE YOU A BROKE ASS THAT ONLY LIKES FREE PORN?
I saw your subscriber number and was amazed at how old it was..I then equated this with some belief that you were a savvy person.
I realize that your type of attitude is what allows spammers to continue to thrive.
Meanwhile it's proposed that the net be used to download movies. Children are downloading huge amounts of MP3. Twitchkiddiegamers are consuming huge amounts of bandwidth....YET you complain when someone wishes to fight spammers with an intelligent tool that consumes a smallish amount of bandwidth.
Get real man.
I run Blue Frog. The amount of bandwidth is quite small and not intensive at all. The usage is broken out over time. Interspersed as it were.
And just who cares if the Chinese Commies are getting their websites blasted anyway. We have to buy their cheap trash at Wally World no thanks to our greedy CEOs and Corps who have zero patriotism.
On this web page, which was the first one cited in the original story, they say that the spammer's registrar changed its policies at the time Blue Security did their organized complaining. This surely was not a complaint, but I don't see anything in Blue Security's actions that would give the registrar an incentive to change behavior. Does anyone know why the registrar changed their policy?
...mod parent DOWN.
Newsflash buddy. As much as the US government would like to, they don't control the entire world.
What I couldn't figure out, until reading one of the steps in their "Active Deterrence" info page, was how the complaints work. After all, spam sites don't keep a "complaint board" open for us to use.
Basically, any spam site is going to have some kind of form for you to fill out to get more info, or initiate a purchase, or something. For each spam that your honeypot address receives from a company, assuming they ignored the warning, BlueFrog goes to that website, fills out crap in the form, and hits Submit.
So what? So, instead of most of their submissions being interested buyers, they have to go through all of them to see which are buyers and which were entered by the BlueFrog bot. This wastes their time, costing them money. Also, their bandwidth is wasted. So if they happen to send 5000 emails to honeypot addresses, that's 5000x their website was loaded, without any financial gain for them.
So, their costs go up, and their revenues don't. It's much less profitable to be a spammer, period.
Global warming is neither science, nor politics. It is a religion.
If Blue Frog only runs on a Windoze platform, how do we know it isn't just some clever spyware app that clever spammers put out to lull us all into complacency?
Cheers!
It's odd to read posts on here about people making profits from spam. I was always under the impression the emails aren't selling anything. They sound improbable enough. I thought it was all down to people inventing crap to send badly-worded useless emails to annoy everyone.
- the ones that actually set up the botnets on people's MS-Windows boxes and churn out millions of spam messages
- the ones that hire the above to advertise their product or scam
It is the latter group that is easier to track down and take out. For example, if they are falsifying any contact information or even any message headers, they are breaking the law (in the US). But there are probably many other laws that can be drawn in. Not quite a slam dunk, but the next best thing. It's a case of following the money. They have to have a legit contact datum somewhere in order to collect money...
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
You agree to comply with all treaties, laws, rules and regulations applicable to your use of the Site. You agree that while using the Site You will not:
*harm minors in any way;
*"stalk" or otherwise harass another person;
*restrict or inhibit any other User from using and enjoying the Site
Indemnity.
You agree to defend, indemnify and hold Blue Security, its directors, officers, employees, agents and affiliates harmless from any and all claims, liabilities, damages, costs and expenses, including reasonable attorneys' fees, in any way arising from or related to your use of the Site, your violation of the Terms..."
(emphasis mine)
In other words, I'm not only not allowed to smack minors, have sex with minors, or in any other way harm them while simultaneously using the site. We're not allowed to "stalk" spammers. Oh, and we're not allowed to DDoS it by posting a link to it on slashdot, since that will restrict others' capabilities to access the site.
To top it all off, I agree to defend them should my use of the site result in any sort of legal actions? Am I reading this wrong? By signing up am I actually agreeing to DEFEND them, in court, or just agreeing to PAY for their defense? Or maybe testify on their behalf? I'm no lawyer, but these contracts scare the crap out of me.
SWM seeks new sig for a brief fling
I get a kick out of hearing people squawk about the "ethics" of this kind of response. Certainly the practice of delivering a powerful DDOS attack on a Website and thus bringing it to its knees must be carefully scrutinized, but then so must delivering a powerful groin kick to a would-be mugger and thus bringing HIM to HIS knees. We are under attack from spammers, and must use a measured and appropriate response. If someone tried to take your purse, wouldn't you have the right to defend yourself? Back in my Tae Kwon Do days, we were taught to abstain from violence unless it was first visited on us, and then to respond only to a level sufficient to put a stop to the nonsense. This is Blue Security's position. In my opinion, the spammers have initiated the aggression and are reaping a just response. Vigilantes go out and look for trouble. Self-defenders wait 'til it comes nosing around and then give it a black eye. Or in this case, a blue frog.
The Random Obituary Generator of Doom
How is this different from opting out directly to the spammer, according to the instructions received in the spam message, something we have been advised and kept advising others since the beginning of time... I mean beginning of spam? The idea is that you should never confirm to a suspected spammer that you have read his mail; that will only increase his profit when reselling your address, and you will receive more spam.
I will only bother to unsubscribe to a mailing list I have voluntarily subscribed to, period. Giving the spammer even one chance to remove my address from a list he compiled himself (or bought from another spammer) means treating him with the same respect as any honest mailing list owner, something I cannot do. When an honest mailing list owner ignores my unsubscribe request, I complain. When a spammer wastes my time sending me mail I never asked for in the first place, I detonate - there is no time for graceful escalation, a process reserved for those who have merely made an explainable and excusable mistake. Spammers don't make mistakes, they are mistakes.
Even if I would award the spammer the benefit of graceful escalation, the removal of a single e-mail address (or even all the addresses of some organized community, such as the Blue Community) is much too small a compensation in return for my labour. If his mailing list is tainted by inappropriately added members, then all of the list has to go, not just those addresses that have been listed with a particular service. Otherwise, this community will become a service to the spammers just as much as to its own members, leaving non-members out in the cold, as unfortunate victims of continued abuse. Sounds too close to a protection racket to me, even if no money is paid for the service...
Life is too short for complaining about spam; immediate blacklisting (with a working mechanism for appeal; even we can make mistakes) of the spammer's IP address, netblock, service provider, or country (as deemed appropriate) is what I consider the only workable solution in the long run, because I have other things to do than pruning the mailing lists of spammers. And yes, I work at a (Swedish) state university, where blacklists are frowned upon by administration. I have therefore abandoned my university address, instead using a private domain where I can install any blacklists I like. In time my employer will learn too, I hope, but I will not let myself and my delete button suffer under this load of junk until then (whether next month or after my retirement). I may even offer my service to my colleagues, when I find it stable enough.
There are 4 billion IPv4 addresses out there. Refusing access from 100 million of them is no big deal, especially if you can point to evidence of past abuse. Want to send me mail? Sure, just shut down all the zombie relays your ISP has been hosting for the past two years, wait a month for the results to be verified, and your ISP will be delisted. If your message is urgent, use my formmail service. Thank you for your kind assistance!
When you are executed in China they send the bill for the bullet to your family.
This serves two purposes: One, they get reimbursed for the cost of killing the family member. Two, the family, their neighbours and everyone around who hears about it gets reminded that China has a death penalty. It's probably more effective than posting it on the news.
You have a sick, twisted mind. Please subscribe me to your newsletter.
If you want to keep the US from total world control, then simply tell your government not to sign and deposit those aid checks and IMF Loans.
T Roosevelt said "talk softly and carry a big stick." Well, Newsflash buddy, that stick has a carrot tied to its end now.