Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers on the Run

Posted by ScuttleMonkey on from the canned-spam dept.

ericald writes "An interesting update from Blue Security, the group that introduces the Blue Frog initiative to fight spam, claims that during the past few days at least one spammer had frequently deleted domains he owned as a result of their system. In another update in their blog they report they have already recruited over 21,000 users. It's about time spammers start feeling the heat! I'm just surprised they show results so soon."

9 of 297 comments (clear)

  1. Re:Spammers fate by SFalcon · · Score: 5, Insightful

    When the spammers can afford to pay $7m to Microsoft, I don't think they need to worry about being hired by anyone.

  2. Re:what do they do? by CDarklock · · Score: 5, Informative

    Blue Frog essentially responds to spam with complaints. So spammer X sends fifty thousand spam mail messages to Blue Frog users, and he gets fifty thousand complaints back. It's an eye-for-an-eye technique done properly: one spam, one complaint.

    I see this as having two major effects. First, it keeps the spam away from you. Second, it informs the spammer that nobody read his spam. Spammers *depend* on human beings reading their spam. As long as nobody reads it, nobody buys.

    --
    Microsoft cheerleader, blue flag waving, you got a problem with that?
  3. Re:what do they do? by L.+VeGas · · Score: 5, Funny

    What does this blue frog inituative do thats so magical to get rid of spammers.

    You really don't know? Geneticists have engineered a breed of frogs that subsist entirely on Spam. An interesting side effect is their attractive blue coloration.

    --
    Best Windows Freeware
  4. Re:Spammers fate by Dunbal · · Score: 5, Insightful

    Employers certainly will rethink hiring someone with such tainted credentials.

          I know we're living in the era where corporations and employers believe they have the right to do anything they want. But while refusing to employ someone on hearsay is within an employer's rights, there's a chance of shooting yourself in the foot and actually hiring the guy who was smart enough to cover his tracks, rather than the silly, average person whose box was "owned" and spammed without thier knowledge.

          Oh but we all know that search engines are infalliable and are the best way to screen a potential employee, right? Come on. If I can steal your identity and borrow money in your name, how hard can it be to spam in your name? Frankly this would not be an employer worth working for.

    --
    Seven puppies were harmed during the making of this post.
  5. Re:Anti-Blue Frog by Quiet_Desperation · · Score: 5, Funny
    Personally I think the "WORST kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them.

    You misspelled "best".

  6. Re:Realistic View? by Rev.LoveJoy · · Score: 5, Insightful
    I think by and large most corporations are taking this tack in dealing with spam sent to their MTAs. If you do not do business with that country, ban their IP block. This is an inexpensive 100% solution to spam from overseas.

    Public ISPs, universities and government centers do not (and can not) take this route. So these orgs must take another path towards dealing with international spam.

    Filtering works. Greylisting works. These technologies help a great deal against the zombie armies everyone said would be unstoppable spam sources.

    I am glad you have a solution which works for you (and to some extent, I agree with your soultion), but I would hate for the balkanization of the Internet to come about due to the misbehavior of a few rotten apples. I think there must be a better way.

    Cheers,
    -- RLJ

  7. Re:Anti-Blue Frog by RealAlaskan · · Score: 5, Insightful
    Personally I think the "worst kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them.

    Isn't that spelled ``best''?

    Seriously, the grandparent post refered to this as a DDOS. If the spammer sends me an email, he's certainly got no right to complain if he gets one back. If he gets enough back to shut down his website, well, he shouldn't have sent so much spam, should he? My understanding is that Blue Frog tries to send an unsubscribe message for every spammed address (their website is slashdotted)? If so, the spammers have already announced their willingness to get that message, and it is obviously legal.

    --
    See what I've been reading.
  8. Make them run using Postfix? by xiando · · Score: 5, Informative

    smtpd_sender_restrictions = reject_unknown_address
    smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client ombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    permit

    We are also using SpamAssassinn / razor / clamav using amavisd-new. The main mail account used for everything from clients webmaster@ mail to contact@ are getting numerous spam daily, yet only three or perhaps four a month get delivered... and those are added to our body_checks.txt which is publicly available for download by anyone, including spammers who I have a feeling makes spammers think twice and clean us off their list when they find themselves listed there using search engines etc.

    --
    9/11: Never forget it was a false-flag operation
  9. Re:what do they do? by Fordiman · · Score: 5, Informative
    Almost. The process works as such:
    For each e-mail address you regiester with Blue Frog, they create a honey pot account and seed the internet with it.

    Each spam that honey pot gets is entered into a database, based on links contained, ip address sourced from, etc.

    Humans look over the databased data, using it to find out who the source of common spams are (not the spammer, but the company who hired them).

    Then, for each spam from that company found in a honey pot, a complaint is programmatically sent from the BlueFrog software that sits on the honey pot owner's client computer.

    Essentially, it's a set of software that allows you to complain about spam in an organized way without actually having to do the investigation, etc yourself. Further, since it keeps all information to just the honey pots' data, if the spamming company decided that your complaint is evidence that you want more spam, they get complained against further. The more users that are members of the Blue Community, the more damaging this is to the offending company.

    Spamming is cheap, and virtually without risk. Essentially, this is a legal way to shift reality so that it's more risky to pay a spammer for your advertising.

    Yes it's legal. No, it's not spamming the spammers. They only get one complaint per spam recieved. You'd do it yourself, given the time to do so. Meanwhile, you've explicitly installed a piece of software to do it for you. If that breaks their server, well they probably shouldn't be sending so much goddamn spam.

    --
    110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1