Slashdot Mirror
BlueSecurity Database Compromised?
Stray1 writes ""You are recieving this email because you are a member of BlueSecurity...." An email from unknown detractors has taken the Bluesecurity anti spam lists and decided to take matters into their own hands. I recieved this Email from an anonymous, and garbled host, which went on to say in not so fantastic english that I, as a Blusecurity member, would recieve this and many more (about 20 -30) spam messages a day until I left the blue security community. Blue Security, (www.bluesecurity.com)a website and community designed to lessen your Spam Email, is down for the moment. Is this what we have come to? Spam,(erm 'high volume email') companys holding your address hostage until you comply? "...We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user". I have to say, up until this point, my spam was down by about 70% to 80%."
What the hell does 20 or 30 messages mean? Nothing at all to me. I reject anywhere from 20 to 40 THOUSAND emails daily, on a domain with precisely two email users: My wife and me. The vast majority of the crap I get is easily rejected because it's sent to bogus (as in, they never ever existed) email addresses. SpamAssassin catches much of the rest.
It was a joke! When you give me that look it was a joke.
We really need to take the internet back from these guys. Reply to every spam e-mail by going to their web site, and filling out bogus info. Give them bad information overload. Same thing goes for junk mail and telemarketers. When somebody sends you a credit card offer, send it back to them, writing "Take me off your list". Make sure they have to waste so much time throwing out bad mail that it isn't worth their time. When telemarketers call, ask them to hold on a minute. Then set down the phone and don't pick it up again for 10 minutes. That will dig into their costs.
Taking guns away from the 99% gives the 1% 100% of the power.
BlueFrog has been criticised for it's so-called "vigilante" approach.. it's not alone in this approach, but perhaps this does go to show a potential downside: spammers are evil - pissed off spammers will simply direct the evil at the people who pissed them off.
Never email donotemail@WeAreSpammers.com
Here's what I was sent:
"Hey,
You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).
You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.
How do you make it stop?
Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again.
We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.
By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.
Why are we doing this?
Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.
Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.
If BlueSecurity decides to play fair, we will do the same.
We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite suprised.
If you have another email under the protection of bluesecurity, and have not recieved this there, do not worry, you will soon enough.
We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user.
You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down..
Just remove yourself from BlueSecurity, and make it easier on you.
Sal Webber"
http://members.bluesecurity.com is still up; I don't know what they did to www., but it seems to be down.
Meanwhile, stay on, ride it out. Use your spam filter to catch the spams; heuristics will still capture the spams they're sending if they're reported. This guy is desperate - likely going bankrupt - and some of us in the Blue Community would like to see him and his sort become paupers for their asshattery.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
When will the world learn, violence begets violence and spam begets spam. Lets find a real solution to the problem rahter then a vigalante justice.
Actually, I've found that things some people think are unfortunate or bad beget shallow, empty platitudes.
Sometimes, violence simply ends violence, because there is no other way. Sometimes, fighting fire with fire is the best way. Sometimes showing someone what it's like to suffer the consequences of their own actions actually changes their behavior.
I'm all for as many technical approaches as possible, but finding "a real solution to the problem" that doesn't involve some degree of making this painful/costly for the spammers simply isn't going to work. Even if, through filtering, you can get 99% of the stuff blocked, all they have to do is increase the volume that much more to make that remaining 1% still pay off. Remember, they're not paying for their own overhead most of the time.
Your "real solution" comment, in the context of "violence only begets violence" is completely tone deaf. You're applying Israeli-Palestinian-conflict-type babble to a completely different situation. The spammers are not oppressed, or the victims of some historical violent wrong... they're a parasitic, bandwidth sucking plague. Any means by which we can stop them is called for. Surely you don't think that you're going to just turn the other Bayesian Filter Cheek, or write a Korea-bound, thought-provoking appeal to integrity and expect the onslaught to stop? Tempting as it is, no one is suggesting actual violence - just a substantial response in kind, only when provoked. It's called self defense, and it's an appropriate measure because it only happens when an illegal spammer causes it to happen.
How fortunate for you that you've never had anything violent threaten you, requiring you to offer up a physical deterrent to stop it. If you had, you might rethink your metaphors.
Don't disappoint your bird dog. Go to the range.
As many spammers choose to comply with the Registry (see our recent blog posts here, here and here), other spammers may resort to other means in an attempt to avoid compliance.
A major spammer had started spamming our members with discouraging messages in an attempt to demoralize our community. This spammer is using mailing lists he already owns that may contain addresses of some community members.
We have also received complaints from users about spam allegedly sent from Blue Security promoting our anti-spam solution and our web site. This is yet another tactic used by some spammers in an attempt to slander us by sending unsolicited email forged to appear as if it was sent from Blue Security. Blue Security is an anti-spam company determined to fight spam and as such never has and never will send unsolicited email.
Our answer to those criminals should be one - we will not be discouraged; We will continue to exercise our right to opt-out of spam.
If you are not a member of our community, now is the time to actively fight spam and make spammers leave you alone. For more information click here.
If you are already a member of our community, make spammers hear you load and clear - report your spam, let Blue Frog fight spammers on your behalf.
We regret any inconvenience caused by this incident.
Best Regards,
Blue Security.
then they laugh at you...
:D
then they fight you...
then you win
One thing is safe to know: At least the spammers are now PAYING ATTENTION to us. A year ago they didn't even know we exist. Then they tried to give bad publicity to Blue Security in anti-spam websites (they said bluefrog was a botnet).
Later, SendSafe included an option to use bluefrog's list to NOT send spam to those addresses.
Finally, they're targeting us directly. You know what that means B-)
Also, I doubt the database's been compromised. I'm sure they only diffed the original and the filtered e-mail list. This means that only a small percentage of e-mail targets has been truly released.