Slashdot Mirror


Blue Security Gives up the Fight

bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"

105 of 672 comments

  1. The problem is it relies on a central server. by Ant+P. · · Score: 5, Insightful

    Anyone want to state the obvious answer?

    1. Re:The problem is it relies on a central server. by fak3r · · Score: 4, Insightful

      Exactly, this is why Napster was brought down. They need a different client-server setup, methinks a bittorrent/Onion Router style network would do the trick here, and with the start that BS has provided, I can't see it as being impossible to make this into an effective defensive/offensive tool.

    2. Re:The problem is it relies on a central server. by Dan+Ost · · Score: 5, Informative

      The problem would be how to make a distributed system that can't be poisoned or deceived by
      an attacker.

      One of the nice attributes of having a central server is that BlueSecurity could validate
      that the site was a legitimate target before unleashing the flurry of opt-out requests.

      --

      *sigh* back to work...
    3. Re:The problem is it relies on a central server. by boldtbanan · · Score: 3, Insightful
      One of the nice attributes of having a central server is that BlueSecurity could validate that the site was a legitimate target before unleashing the flurry of opt-out requests.
      Which brings us right back to a centralized server in the first place. As long as everything has to pass through a single choke point (or even a small number of them), they are susceptible to the same DDOS attack. If there is no authoritative verification, you essentially just created a P2P DDOS system that the spammers/organized crime/anybody can (and will) readily abuse. Therein lies the rub.
    4. Re:The problem is it relies on a central server. by Spy+der+Mann · · Score: 2, Insightful

      The problem would be how to make a distributed system that can't be poisoned or deceived by
      an attacker.


      Easy. Make it not rely on a server or P2P network at all. You only opt out *YOUR* e-mail address (hashed, of course). The mails will be either automated or human-verified (by you).

    5. Re:The problem is it relies on a central server. by hotspotbloc · · Score: 3, Interesting
      Anyone want to state the obvious answer?

      Coral cache (http://coralcdn.org/) with mod_expires to tweak the cache time and adjust length for high traffic times and mod_rewrite to drive everyone but Coral servers to the Coral cache. Not perfect but it could keep an otherwise dead site to appear alive for an extra day or so. Add in it's completely free, doesn't alter your pages and the only limits are a max single file size is ~35M and a daily bandwidth cap at 250G it's not a bad way to go.

      The question is would this take enough heat off of Blue Security to keep going?

      --
      "I hate to advocate drugs, alcohol, violence or insanity but they've always worked for me" - HST
    6. Re:The problem is it relies on a central server. by boldtbanan · · Score: 2, Interesting

      If you have a coalition of companies of that size, they would probably be able to handle the inevitable attacks. You could distribute the authorization amongst those companies (so the final client list would be a conglomeration of all of the masters, which are created by each of the companies). Of course, that opens the door for politicization of the lists, but as long as the power is fairly distributed amongst the players, it shouldn't be a major problem. The biggest obstacle is getting everyone to sit down together and not having it turn into a Mexican standoff.

    7. Re:The problem is it relies on a central server. by jafiwam · · Score: 3, Insightful

      Well, if the anti-spammers wanted to play hardball they could use the 13 root DNS servers to host the anti-spam services (RBL or whatever).

      Then, when the spammers act to take it down, they take down the internet.

      Then joe-public and jackass-senator get involved and play hardball too... leading to PMITA prison for the domestic ones, and severe consequences for the out of country ones. (Why the heck not just flatline all traffic out of Korea (home of many many zombified machines) for example. They clean up their boxes or they have their own internet.)

      That's hardball.

      So far, I have just seen reactionary measures that don't last long, or hand-wringing.

  2. When the going gets tough... by fak3r · · Score: 4, Insightful

    Hey, wait a minute, I've followed Blue Security since I first read about them on /., and I can't believe they're just gonna fold up shop and give up! Isn't this what they got into the business for? Can't they take this attack and use it to demonstrate the validity of their concept? I wish they could think up another tactic besides, 'you win' -- perhaps diversifying their URLs/IPs so that they're more spread out...less vuln to an attack on one IP? Come on, what do readers think...I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

    1. Re:When the going gets tough... by bbernard · · Score: 5, Interesting

      I'd agree with the parent comments but for one issue. The company's clients were directly threatened. The spammers didn't just threaten Blue Security, they threatened Blue Security's customers. As the article stated, Blue Security's customers didn't sign up for a war. They signed up to not get spam. Getting bombarded by viral attacks wasn't part of the deal.

      That said, I too am disappointed, but until effective means of finding and holding accountable the people behind the attacks this kind of extortion will continue.

      Welcome to the wild-west. Where's Sheriff Bart and the Waco Kid when you need them?

      --
      ----- Connection reset by beer
    2. Re:When the going gets tough... by MrDoh1 · · Score: 3, Interesting

      It's a sad day indeed.
      However, if they close up shop this easy, were they the right ones to be leading this fight?
      I also just love how I had to hear about this on /. Nothing like keeping your community informed of what's going on.
      The worst part is they probably picked up 50,000 or more subscribers over the period of the DDOS. It was actually much better advertising than they could have ever bought. Heck, it got me to join!

      --
      I am Homer of Borg. Resistance is Fut.. Mmmmmmmm, Donuts!
    3. Re:When the going gets tough... by Stellian · · Score: 2, Interesting
      Come on, what do readers think...I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

      The fact that Blue Security has failed does not surprise me. They were a business, and this kind of vigilante justice cannot be made profitable.
      What we need is to implement an open source p2p DOS network. Everybody can submit a link that they found in SPAM mail, with their DOS client. This way, the more a site is spamvertised, the more it is DOS-ed.
      Of course, the amount of DOS the site gets should be comparable with the bandwidth needed to send the spams, so there are no abuses of the system. Just send their crap back to the sites they run.
    4. Re:When the going gets tough... by Billosaur · · Score: 4, Insightful
      The attack was probably large, but then why wouldn't they seek out help from law enforcement?

      Because these "spam kings" (ok, let's find a new, more acceptable phrase, like "spam dorks") tend to hide out in countries that either have a) no formalized relations with the US or other countries or b) countries that might be allies but will not let us simply go tromping through their country on the hunt for spammers.

      They hide in the shadows, collect money from the stupid and unwary, and then go after anyone who tries to stop them. If you think DDoS attacks are their only weapon, think again. It really is going to take a campaign of Internet espionage followed by vigilantism to get at most of these people. I can see it now... Merc for Hire -- specializing in SPAM and the removal of the source with extreme prejudice!

      --
      GetOuttaMySpace - The Anti-Social Network
    5. Re:When the going gets tough... by VikingThunder · · Score: 2, Informative

      Exactly, even Prolexic was unable to protect them in the end, despite their rather supportive message just a week ago: http://www.prolexic.com/spam/spam-051006.php

    6. Re:When the going gets tough... by pebs · · Score: 5, Informative

      What we need is to implement an open source p2p DOS network. Everybody can submit a link that they found in SPAM mail, with their DOS client. This way, the more a site is spamvertised, the more it is DOS-ed.
      Of course, the amount of DOS the site gets should be comparable with the bandwidth needed to send the spams, so there are no abuses of the system. Just send their crap back to the sites they run.


      That simply won't work because it will get exploited very easily. I assume only links that have been submitted a large amount of times will get DDOSed. Someone will create a large amount of fake accounts on the P2P network, submit links to their target (or maybe spoof all the link submissions without needing to create fake accounts), and get a free DDOS network to attack whoever they want.

      --
      #!/
    7. Re:When the going gets tough... by jacksonj04 · · Score: 5, Interesting

      If you read up on Blue Security's actual implementation they never sent more unsubscribe requests than emails received. They sent one on behalf of the whole community first, then if that was ignored they sent one unsubscribe request for every email received from that spammer to a Blue Security customer.

      It's exactly the same amount of traffic as everybody who received the email sending their own "Piss off and leave me alone" request.

      On the subject of OS DoS, it won't work because the network will be too easily exploitable. However, something which used a supernode system to distribute the load would work quite well.

      Personally I'm waiting for Google to step in, collect the pieces of Blue Security, then offer it as an automatic feature built into gMail. Spam gMail (x million accounts), someone checks that it really is spam, and then the spammer effectively gets a message saying "Stop spamming Google customers". Ignore it, and that's x million identical requests sent by one mother of a system.

      --
      How many people can read hex if only you and dead people can read hex?
    8. Re:When the going gets tough... by griffjon · · Score: 2

      I think they should leak their db of spammer IPs...

      --
      Returned Peace Corps IT Volunteer
    9. Re:When the going gets tough... by drinkypoo · · Score: 3, Funny

      Perl Harbor? If you crash a Mitsubishi Fighter plane into a ship and break it in half, is that a divide by zero error?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    10. Re:When the going gets tough... by spyrochaete · · Score: 4, Insightful

      Blue Frog had 100,000 new signups AFTER the DDoS attack! That's over 20% of their user base! It seems people are willing to receive more spam if it means sticking it to the culprits!

    11. Re:When the going gets tough... by Da_Weasel · · Score: 3, Interesting

      Can you say Russian Mafia? Can you imagine just how embarrassing closing up shop and calling it quits is for them after all of the PR over the last week. I can't imagine they called it quits just because they thought they would have to deal with more DDoSs...in fact they seemed to enjoy the fact that they got DDoSed.

      --
      If you must!
    12. Re:When the going gets tough... by Pollardito · · Score: 4, Insightful

      clearly the answer is to shutdown and reopen with a new terms of service that states that you understand that you're signing up for a war.

    13. Re:When the going gets tough... by Ohreally_factor · · Score: 2, Funny

      Why stop at Mercanaries? Why not also hire parrots, cockatiels, toucans, and macaws?

      --
      It's not offtopic, dumbass. It's orthogonal.
    14. Re:When the going gets tough... by Tom · · Score: 2, Interesting

      Because these "spam kings" (ok, let's find a new, more acceptable phrase, like "spam dorks") tend to hide out in countries that either have a) no formalized relations with the US or other countries or b) countries that might be allies but will not let us simply go tromping through their country on the hunt for spammers.

      Wrong. Of the top 200 spammers, the vast majority is still located in the USofA.

      They aren't hiding in the least. We know who they are. But Bush & Co. don't get enough spam, apparently. Otherwise there'd be a tank in Alan Ralsky's garden and attack helicopters over Tony Banks' villa.

      --
      Assorted stuff I do sometimes: Lemuria.org
    15. Re:When the going gets tough... by Tom · · Score: 3, Insightful

      And now imagine if they would team up with MS and Vista scans all mails the user sends (it probably does that anyways) and if he is dumb enough to reply to any of those "enlarge your penis" scams, it disconnects the network, permanently.

      It'd be 3 days until spam is a thing of the past.

      I mean, we've been talking about removing the profit for a long time. Has nobody before me thought about doing it by removing the dumb who are the profit source?

      --
      Assorted stuff I do sometimes: Lemuria.org
  3. They should have listened by CaptainZapp · · Score: 5, Insightful
    From the FA:

    "When the company's founders first approached the broader anti-spam community and asked them what they thought of the idea, everyone said this was a terrible idea and that they would eventually cause a lot of collateral damage," Underwood said. "But it's also extremely unfortunate, because it shows how much the spammers are winning this battle."

    Hell, the idea of flooding the spammers network is older than a reasonably aged Armagnac and was discounted even when it came up.

    Building a business model on such an inane idea looks as if the company execs are a few fries short of a happy meal. Specifically since they were warned by more experienced people.

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk

  4. We are ALL "owned" by TFGeditor · · Score: 5, Insightful

    This episode proves that the spammers own and control the internet.

    The internet is no longer free (not as in beer). We must pay obeisance to the owners by allowing their spam in our inboxes.

    I, for one, do NOT welcome our spam-spewing overlords.

    --
    Ignorance is curable, stupid is forever.
    1. Re:We are ALL "owned" by RM6f9 · · Score: 4, Insightful

      Excuse me, one moment please: While I can understand that you (and many others) have a deep personal hatred for unsolicited commercial email, please consider correcting yourself - there is no way in kind or in degree that the irritation of Spam/UCE is equal to the tragedies of child pornography or rape.

      May whatever Deity exists prevent you from learning the difference first-hand.

      --
      Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
    2. Re:We are ALL "owned" by kindbud · · Score: 4, Funny

      Spam is just as bad as ... rape ...

      Only if your INBOX is a vagina.

      --
      Edith Keeler Must Die
    3. Re:We are ALL "owned" by jackbird · · Score: 2

      It's not the speech that's the problem, it's that the RECIPIENT pays for the messages. Just like there are strong laws against unsolicited commercial faxes which do not restrict advertisers' free speech rights one bit.

  5. Too bad. by grub · · Score: 5, Interesting


    I'm a recent new Blue member. Spam to my work, gmail and home accounts has plummeted thanks to Blue Frog. And to whiners who moan about "vigilantism", blow me. Fight fire with fire.

    --
    Trolling is a art,
    1. Re:Too bad. by pla · · Score: 5, Funny

      I never really understood the term "fight fire with fire." A more effective way to fight fire is with water or foam.

      Water and foam both put out fire by lowering the temperature and depriving the combustible material of oxygen. This requires enough foam or water to completely saturate the area already burning, with a bit extra on the edges to prevent fresh fuel from igniting. That works well on a small scale (a single house), but very poorly on widespread forest or brush fires.

      "Fighting fire with fire" means a controlled burn going inward toward the source of the fire. Done correctly, by the time the controlled burn meets the core of the fire, it has left in its wake a wide swath of already-consumed and partially-cooled fuel. Thus, the fire can't continue spreading outward along that same path. Completely surround the fire with such already-burned zones, and the fire can't do anything but burn itself out in-place.

      Rather than needing to saturate the existing fire and its edges, this only requires defending a single line against spreading in the wrong direction - And preparation for that can start before igniting the controlled burn (such as by pre-saturating the area and/or clear-cutting a narrow strip bordering the target burn).


      Extending the metaphor to anti-spam techniques, think of the above description as DOS'ing the core of the fire. If we saturate the spammers' network connections, they have no more bandwidth to consume in spreading their crapfloods outward to the world. Continue until bandwidth costs "consume" the bank-accounts of the spammers (or more realistically, they cut their losses and run), and the spammer goes under (at least temporarily).



      Now personally, I'd rather mix metaphors and literally fight spam with fire - Track these less-than-worthless bastards down and surround their offices or houses with a ring of fire moving in toward the core. Then roast marshmallows over their charred corpses as we sing "We Shall Overcome".

      But, the law frowns on that, so I'll have to settle for simply helping to put them out of business.

  6. Re:Third Choice? by benjjj · · Score: 2, Funny

    I'm not a whiney mac fanboy, and even I get very very little spam. It's just not a day-to-day nuisance for me.

  7. Re:Third Choice? by Salty+Moran · · Score: 5, Insightful

    It's hard not to fall to vigilantism when there's no sheriff in town to keep the peace on your behalf...

  8. Ugh. by Anonymous Coward · · Score: 2, Funny

    According to The Washington Post, Blue Security has closed it is door which

    http://www.stormloader.com/garyes/its/#top

    It's not that hard.

  9. official statement by coaxeus · · Score: 2, Interesting

    I'll wait to see an official statement from them. Considering they are offline right now, likely due to another DoS, and the spammers have spent the last 2 weeks doing joejob attacks and all sorts of e-mails supposedly from bluesecurity... it doesn't seem too unlikely to me that the spammers could convince the media of something.

    --
    My name is coaxeus, and I approve this message. In fact, I think it is awesome.
    1. Re:official statement by coaxeus · · Score: 2, Informative

      Well, their DNS is broken or under attack, but if you hit their site via its original IPs you do get the official statement. So far it is looking to be true that they have shut down.

      --
      My name is coaxeus, and I approve this message. In fact, I think it is awesome.
  10. P2P perhaps? by Nursie · · Score: 3, Interesting

    Was about to post the same thing. Make a distributed app, receive spam, post "unsubscribe" link to app, (assuming this is how blue worked) instant mass traffic for spammer. The problem here is that if you don't have a central authority controlling what gets hit then someone will sooner or later abuse the P2P DDoS machine that you've effectively just created.

    1. Re:P2P perhaps? by Anonymous Coward · · Score: 2, Funny

      "Don't be too proud of this P2P terror you've constructed. The ability to destroy a spammer is insignificant next to the DDOS of the Internet."

  11. Re:Third Choice? by fistfullast33l · · Score: 2, Insightful

    I noticed that your user page doesn't have any submitted stories that made the front page. I also comment fairly regularly and have had three submissions accepted. After my first one, I started receiving 20-30 phishing emails a day in my gmail inbox, and about 5 legitimate emails. That's why I've stopped posting any kind of email whatsoever to this site. As it is, my URL currently goes nowhere as well because shortly after I started using that instead I got hit with comment spam and lacking the time to install a solution like captcha images, I decided to just take the server down instead. This is for a site that got at most 20 people a day who were mostly my friends. We need some kind of international solution to stop these people and the harm they're doing.

  12. Re:Third Choice? by Headw1nd · · Score: 5, Funny

    Evidently your comments are modded so far down not even the spiders bother to read them.

  13. authority? by gEvil+(beta) · · Score: 4, Funny

    It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start

    Funny, not having the authority to do it didn't stop them before...

    --
    This guy's the limit!
  14. Dive Into Mark said it best... by Saint+Aardvark · · Score: 5, Interesting

    If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and you're getting in their way.

    [...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."

    From Dive Into Mark (which doesn't seem to be responding, so try Google's cache.)

  15. Re:Third Choice? by grub · · Score: 5, Informative


    but anyone who's still getting spam in their inbox should install some nice filtering software.

    That's not the point. If you run your own mail server or rely on filtering at your client end the spam uses up your bandwidth, your storage, your CPU resources to filter it, etc. Spammers like to use zombie machines around the net. Their operations cost them very little as they steal the capability from everyone else.

    --
    Trolling is a art,
  16. From their Website by librarygeek · · Score: 3, Informative



    Blue Security Ceases Anti-Spam Operations

    When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the CAN-SPAM Act, we could reduce the amount of spam on the Internet.

    Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.

    However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community.

    After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.

    As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.

    You need not do anything as a result of this change. We will continue to protect your names and addresses and honor all privacy commitments we made to you.

    We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company.

    We are extremely proud to have had the chance to work with such a devoted and dedicated community: thank you for the vote of confidence you gave us over the past few months as well as the particularly vocal support you have shown over the last two weeks.

    We will be innovating and building our technology in new, other directions and will continue to give back to you, our Community.

                Thank you for your support,

                            The Blue Security Team.

  17. Take a page from SETI by fistfullast33l · · Score: 5, Interesting

    What about a solution like the SETI project? A nice graphical screensaver that uses spare processor cycles to send email spam to known spammers. It could even display something funny like a graph showing how much harassment you're causing.

    However, I don't think any kind of attack spam with spam solution is worth it. We need to either redesign the protocol, marginalize the spammers, or make it very illegal and put them in jail. Sure, you might argue that direct marketing through email really isn't illegal (junk snail mail sure isn't), but I think if you don't respect the don't spam lists and requests to stop, or even go so far as to launch a DOS attack as TFA describes, then you definitely belong behind bars or without access to a computer.

    1. Re:Take a page from SETI by Daniel+Dvorkin · · Score: 4, Insightful

      At this point I'm convinced that the only solution is a worldwide series of gory murders of spam kings with "death to spammers" written on the walls at the crime scenes in the spammers' blood.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    2. Re:Take a page from SETI by GoRK · · Score: 3, Informative

      You mean like the screensaver from Lycos that died a horrible death too?

    3. Re:Take a page from SETI by Kadin2048 · · Score: 5, Funny

      If there was an anonymous, untraceable way to send money to someone who would use it to kill spammers, I'd probably contribute.

      Seriously, it's that annoying.

      Maybe Sealand wants to start a Special Forces unit or something.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    4. Re:Take a page from SETI by Chrisq · · Score: 3, Funny

      Expect spam messages urging this soon. I am a Nigerian hit man looking for employment. Please transfer money by American Express to....

    5. Re:Take a page from SETI by NtroP · · Score: 2, Interesting
      I think it could be solved by doing two things: 1) have a mechanism in place that does more to ensure the sender is who they say they are, and 2) Go to a whitelist-based system only.

      If every ISP blocked outgoing SMTP messages from their users and either 1) forced them to relay mail through their servers or 2) ensured that any user-run mail servers were properly configured with SPF, etc. before allowing them to access outgoing port 25 traffic, it would allow much better assurance that the sender was who they said they were.

      Then, if any email that was addressed to me had to be checked against my whitelist first, I'd only be getting mail from those users I want to talk to. The real danger would be if one of the users I had in my whitelist became infected by spam-malware that used their address to send spam out to me - but I'd be able to tell right away that they were infected and warn them (or remove them from my whitelist and send them a live CD :-)

      Any lists you signed up for or any businesses that were going to send you email (like order confirmation, etc.) would have to spell out clearly which email address to add to your whitelist in order for you to get your confirmation. If they send you advertisements on that address, remove it from your whitelist.

      We are implementing some of this where I work. One twist is that we have a mechanism where any mail you send out to someone automatically gets them added to your whitelist - more to help us quickly build a whitelist for our users than anything else while we are ramping up, but it's a start. Then we have each user create a Spam folder, crank the spam threshold way down, and let the users pick through what makes it through and decide where their discard threshold will be. Eventually, when each user has compiled a complete enough whitelist that they are confident they can operate without the spam safety net, they remove their spam folder.

      It's working so far. I know there are services out there that send email back to new senders telling them to jump through hoops to be added to a user's whitelist, but I'm not sure how I feel about that. I have a feeling that sort of thing could get gamed, but maybe that's the way to go - just make it too much work for the spammer. All I know is that I HATE SPAM.

      --
      "terrorism" and "pedophilia" are the root passwords to the Constitution
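The whitelist-first triage NtroP describes above (outbound recipients auto-whitelisted, a Spam folder as a temporary safety net, a per-user discard threshold), as an added example that is not part of the original comment or of any real mail system. The class and method names, the 0-10 score scale, the `spf_result` string and the sample messages are all assumptions made for illustration.

```python
"""Whitelist-first mail triage (constructed sketch; all names are hypothetical)."""
from dataclasses import dataclass, field
from email.utils import parseaddr


def normalize(header_value):
    """Return the bare, lower-cased address from a From/To header, or ''.

    Matching uses the address, never the display name, so a header such as
    '"alice@example.org" <mallory@bulk.example>' resolves to the bulk sender.
    """
    _display, addr = parseaddr(header_value)
    addr = addr.strip().lower()
    return addr if addr.count("@") == 1 else ""


@dataclass
class Mailbox:
    owner: str
    whitelist: set = field(default_factory=set)
    spam_folder_enabled: bool = True  # safety net while the whitelist is built
    discard_threshold: float = 5.0    # chosen per user; assumed 0-10 scale

    def record_outbound(self, recipients):
        """Auto-whitelist everyone the owner sends mail to."""
        for rcpt in recipients:
            addr = normalize(rcpt)
            if addr:
                self.whitelist.add(addr)

    def promote(self, from_header):
        """Owner picked a message out of the Spam folder: trust that sender."""
        addr = normalize(from_header)
        if addr:
            self.whitelist.add(addr)

    def revoke(self, from_header):
        """Drop a sender, e.g. an infected contact or a list that started advertising."""
        self.whitelist.discard(normalize(from_header))

    def triage(self, from_header, spf_result, spam_score):
        """Return 'inbox', 'spam' or 'discard' for one inbound message.

        spf_result is the verdict computed upstream by the receiving server.
        SPF covers the envelope sender domain; this sketch assumes the server
        has already checked that it matches the From address.
        """
        addr = normalize(from_header)
        # A whitelisted address only counts if the sender was authenticated;
        # otherwise anyone could forge a known contact's address.
        if addr and addr in self.whitelist and spf_result == "pass":
            return "inbox"
        if not self.spam_folder_enabled:
            return "discard"          # whitelist-only mode, safety net removed
        if spam_score >= self.discard_threshold:
            return "discard"
        return "spam"                 # left for the owner to pick through


def run_demo():
    """Triage a handful of constructed messages and return the verdicts."""
    box = Mailbox(owner="user@corp.example")
    box.record_outbound(["Alice <Alice@Example.org>"])
    verdicts = [
        box.triage("alice@example.org", "pass", 0.1),                  # known contact
        box.triage('"alice@example.org" <mallory@bulk.example>', "pass", 1.0),
        box.triage("alice@example.org", "fail", 0.5),                  # forged contact
        box.triage("promo@bulk.example", "pass", 9.0),                 # above threshold
    ]
    box.promote("orders@shop.example")   # order confirmation rescued from Spam
    verdicts.append(box.triage("orders@shop.example", "pass", 2.0))
    box.spam_folder_enabled = False      # whitelist judged complete
    verdicts.append(box.triage("new@unknown.example", "pass", 0.0))
    box.revoke("alice@example.org")      # contact turned out to be infected
    verdicts.append(box.triage("alice@example.org", "pass", 0.0))
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

Once the Spam folder is switched off, a first-time legitimate sender is dropped silently, which is the trade-off the comment accepts when it calls the folder a safety net.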
    6. Re:Take a page from SETI by infolib · · Score: 3, Insightful
      the only solution is a worldwide series of gory murders of spam kings

      Do it right then. If you've got 15 names, murder 10. Then drop a Usenet post with a couple of scene shots saying "There's five names left on my list. If you want to know if yours is on it, just keep spamming." That would stop much more than 15 spammers. (Or at least they'd cower.)

      --
      Any sufficiently advanced libertarian utopia is indistinguishable from government.
    7. Re:Take a page from SETI by Anonymous Coward · · Score: 2, Insightful

      Yes, but the Lycos screen saver was owned by a company. Companies are easily pressured into changing their ways. An open source project on the other hand that belongs to everyone wouldn't have a single point at which to attack. Each person who chooses to use the tool takes upon themselves the repercussions of their own use.

    8. Re:Take a page from SETI by Chr0nik · · Score: 2, Interesting

      I agree. However it has to be distributed via P2P networks or some other such arrangement. It could even be distributed by the app itself, asking upon install if the user is willing to be a distro point. Also if it is willing to house a portion of the db. Kind of like the "supernode" concept. Completely distributed. Either that, or force those options, so that no single client can attract more attention from the spammers than any other.

      However, I don't think it should simply send "opt out" emails, but other attacks on the spammers as well, activating with the screen saver of said computers. No more Mr. Nice antispam. The problem with spamnuker@home would be that on large networks it could interfere with the network connection of people who were not part of the project. This would be strictly for people on home networks, and admins would need policies in place that forbade the use of it, but that would be as simple as the seti@home stuff to prevent.

      The problem would be getting the word out without having standard marketing abilities, like a web site to download from, etc. There are simply too many low skilled computer users that could never benefit from it because they have no idea how to safely use a p2p system. It would be a slow growth. But once the network was large enough, it would be a crushing force to spammers.

      --


      ... what did you expect, something profound?
    9. Re:Take a page from SETI by DrSkwid · · Score: 3, Insightful

      fuck you

      leave all my ports open, thanks

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    10. Re:Take a page from SETI by wkitchen · · Score: 2, Insightful

      I'd have no objection to ISP's blocking outgoing SMTP by default, but with a policy to unblock upon request. Better yet if they provided a means for users to block/unblock at will.

  18. Sigh! Or why spam is unacceptable by CaptainZapp · · Score: 5, Insightful
    I'm not a whiney mac fanboy, and even I get very very little spam. It's just not a day-to-day nuisance for me.

    Fine, I'm happy for you. You obviously don't own an active domain, or a business. Because otherwise I could guarantee that it gets to be a problem for you.

    But the problem is not you, it's not me, it's not my little kid sister's dog.

    The problem is that a couple of hundred big time spammers are getting rich by shitting into the communal water supply!

    If you think that's acceptable within a society then you will apologise that I have no respect for you and the likes of you.

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk

    1. Re:Sigh! Or why spam is unacceptable by Just+Some+Guy · · Score: 4, Interesting
      Fine, I'm happy for you. You obviously don't own an active domain, or a business. Because otherwise I could guarantee that it gets to be a problem for you.

      I do both (well, I work for a guy who owns a business), but neither my home account nor my coworkers' inboxes get nontrivial amounts of spam. I've written instructions on how I did it, and if you follow them, you can probably get rid of your spam problem as well.

      It's not easy if you're J. Random Enduser, but any qualified system administrator should be able to take the steps needed to win back control of his servers. You can choose to do this - with today's software - if you're willing to exert a modest amount of effort.

      --
      Dewey, what part of this looks like authorities should be involved?
    2. Re:Sigh! Or why spam is unacceptable by igb · · Score: 2, Interesting
      The problem is that a couple of hundred big time spammers are getting rich by shitting into the communal water supply!
      I find the whole spam thing quite fascinating.

      Firstly, I'm fascinated by where the money comes from. It's taken as axiomatic that spammers get rich because they're paid by unspecified end customers. But all the spam I've seen is for hopeless, obvious scams: are the perpetrators of such scams making so much money they can afford to pay top dollar to spam stupid people? Perhaps they can, because spam paradoxically will preferentially get through to idiots. But are the end users of the spam still making money, even after paying the spammers?

      But secondly, I'm fascinated by the logic of spammers. I can see why you'd want to get your spam in front of potential marks, and people too stupid to filter are likely to be just the ticket. But why all the effort to get through filters, when you're only going to be sending mail to people who aren't stupid enough to respond anyway?

      So I think spam has become an end in itself. Spammers send more spam because that's what they do, and the return on it has become secondary. The people that pay spammers pay them to send spam because it worked in the past. But they'd all probably make more money working.

      Readers are referred to Freakonomics' chapter on how little money drug dealers make for further examples.

      ian

    3. Re:Sigh! Or why spam is unacceptable by HermanAB · · Score: 2, Insightful

      Yup, the people that get ripped off are not the receivers of the spam - they delete it or ignore it. The people that get ripped off are the business owners that get duped into thinking that advertising by spam is useful - they then hand over oodles of cash to the spammer, who sends out the crap and the business owner gets zero return on his 'investment', plus a few death threats.

      --
      Oh well, what the hell...
  19. Solving the Spam Bot problem by smartin · · Score: 5, Insightful

    It seems that the problem here is that they were brought down by the spammer's huge number of bots running on compromised machines. Why has no one tackled this problem? It seems to me that this should be the responsibility of the ISPs. I'm no expert but I believe that if someone reports to an ISP that a particular IP address is running a bot, that it should be a simple process for the ISP to do some tests to see if that is true by checking the nature of the traffic coming out of the machine. If they decide that the machine has been compromised, they should shut down its connection and redirect port 80 requests to a web page explaining to the owner that their machine has been compromised and how to fix it.

    This does not seem to me to be a difficult technical problem and it is in everyone's interest to get the compromised machines off the net.

    --
    The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
    1. Re:Solving the Spam Bot problem by Gr33nNight · · Score: 3, Informative

      I am an admin on a low user irc server. We have been attacked by spam bots on a number of occasions. Our global ban list is at 50,000+ ip addresses. How are we supposed to track down each ISP? They are virus infested machines all over the world.

    2. Re:Solving the Spam Bot problem by Pfhor · · Score: 4, Informative

      I made my university start the exact same policy. Shut down ports of the machines which were infected with klez. The problem was that students would just think their port was broken and plug into their roommates, etc. Obviously the school should have moved their MAC address into an infected pool and given them their own subnet with a webpage telling them that their machine was infected and to call tech support. But considering the somewhat large resources of people needed to get the machines back online (go and scrub the machine, most people were afraid to even touch them, and klez was a pain to remove). Not to mention the fact that people view their machines as appliances, not something needed to be maintained.

      ISPs are using the blocking of outgoing smtp traffic on port 25 for this very reason. But to really shut down this problem the ISP would also have to be able to provide technical support to remove the virus, or at least something of that nature. Let alone the customer won't even think their computer is infected (how could it be, i don't download anything!!?) and the flurry of angry phone calls would ensue.

      We had users at my campus that had blocked ports for a month before we were able to get in touch with them, they just thought their computer was broken. Or we get a phone call from an angry parent whose little suzy or billy can't send them email and update their facebook.

      The idea is possible, but it is a nightmare in reality to have to support.

    3. Re:Solving the Spam Bot problem by Anonymous Coward · · Score: 2, Interesting

      That is what we have at our university. If your PC is detected doing nasty stuff (viruses, portscans, ...) your MAC gets blocked, and you get redirected to a help-page, telling you what is going on. No compassion however from the admins, you are expected to cleanup your mess yourself. You can then automatically deblock your PC by a webform, but when the problem is still there, you are blocked again within seconds. This system is fully automated, and keeps the number of infections very low.

    4. Re:Solving the Spam Bot problem by dubl-u · · Score: 4, Informative

      Why has no one tackled this problem?

      Because it's in nobody's financial interest. A zombie computer causes most of its harm to other networks, not the one it's on.

      Most of the ISPs are now large telcos and cable companies who hire support staff at would-you-like-fries-with-that wages. They don't have the capacity or the incentive to disinfect a zillion Windows boxes. It's much cheaper to buy a bigger pipe.

      Of course, Microsoft owns the root problem. They sold a supposedly consumer-grade operating system that consumers can't maintain. Windows needs a dialog box that says, "Your computer has been invaded by evil fuckwads. Would you like to kick them out?" where the two choices are "Yes" and "Ok".

    5. Re:Solving the Spam Bot problem by adamfranco · · Score: 5, Interesting
      Check out Privateye.

      Privateye is a tool that our network security admin here at Middlebury College, Mike Halsall, wrote to automatically quarantine computers into a VLAN (that stays with their mac address) that only has access to a help page, anti-virus tools, and windows update.

      Due to the use of this and campus manager (I believe it's the software that actually manages the VLANs, could be wrong), viruses have gone from taking down the campus network several times a year, to being a non-issue. From the project page:


      Privateye came into being to satisfy the tedious task of correlating event data being gathered from disparate security sensors (Snort, HoneyNet, IPS) and automatically take action on the sources generating the alerts.

      Example 1: You have an Intrusion Prevention System (IPS) that is dumping its alerts to a log file. Privateye is reading in this log file, in real time, and watching which alerts are being thrown by which IP addresses. Now, let's also say you have a user registration system, allowing each user's name to be associated with their current IP address. One of your users gets a virus that starts doing Bad Things; this virus starts scanning for open shares on your network (which, in and of itself, doesn't necessarily mean something is amiss) AND connects to an IRC server out on the Internet. Privateye's configuration (all done through one powerful configuration file) has a trigger that specifies, "if I see one of 'my users' perform 50 NetBIOS scans in 60 seconds AND connect to an IRC server, I'll run an external script to do something to that user." That "do something" could be shutting down the switch port the computer is connected to, flipping it into a quarantine VLAN, or just sending the user an email letting them know their machine probably has a virus.

      Example 2: You have a Snort box that alerts on SSH connections from the Internet to some of your internal hosts. You know that SSH brute-force attacks are prevalent, as every day your logs show thousands of login attempts from many machines on the Net. You configure Privateye such that if any external host (to your network) attempts more than 5 SSH logins in a minute, Privateye will run an external action that blocks the offending host from accessing your network for 2 hours at your firewall. If, when the 2 hours is up, they return, they'll then be blocked from accessing your network for 4 hours. Wash, rinse, repeat.


      - Adam
      --
      "When ideology and theology couple, their offspring are not always bad but they are always blind." -- Bill Moyers
  20. Scary thought by dtsazza · · Score: 3, Interesting

    This really drives home how important it is for Average-Joe users to have decent security. Time was, if you got infected with a virus you'd get your hard drives wiped and have to reboot your machine. Then, viruses stole information instead. Nowadays, it seems like anyone with the inclination to do so can set up their own botnet using relatively simple tools.

    And of course, if you're in the business of breaking the law online (or rather just being generally anti-social) it's simply prudent to gather an army of computers, and then use that power to make others give into your demands. The actions of one hacker and his botnet caused an entire company to shut down operation - that's scary.

    And scarier still is that the thousands of people whose computers were hammering away at the server, contributing to the victory of evil over good, are unaware of the part their machines played, and will doubtless play again.

    This really is the computing equivalent of creating massive private armies with a mind-control drug - and while the email system really needs an overhaul, while the possibility to harness this kind of power exists there'll be the opportunity for extortion on this scale.

    --
    My, that was a yummy potato!
  21. Re:Third Choice? by Tim+C · · Score: 5, Insightful

    I know the flip side of the spam problem is bandwidth wastage, but anyone who's still getting spam in their inbox should install some nice filtering software.

    I have a catch-all email address set up on my domain - so $anything@$mydomain gets to me.

    For years, I used to get a very small amount of spam to addresses like info@, sales@, etc, and a throwaway account I used on a website that I never used for any real mails.

    Then, a few months ago, some scum-sucking shit-brained low-life motherfucker* decided to use my domain name in forged From: addresses.

    (* But I'm not bitter)

    I now receive on the order of a thousand spams, bounces and assorted related crap per day. Now, of these, only a tiny handful make it to my inbox, and they're all easy to spot. I've not done the stats, but I'd imagine that Thunderbird's filtering is 99% accurate or better.

    It's still a pain in the arse though, and it's still utterly unacceptable behaviour on the part of the morons responsible.

    I don't necessarily think that vigilantism is the answer, but something has to be done.

    (Yes, I could switch off the catch-all addressing, but I actually find it useful, inconsiderate wankers trying to ruin the entire net for everyone notwithstanding)

  22. Re:Third Choice? by Sans_A_Cause · · Score: 2, Funny

    "a few years ago i needed to send emails to nigeria on a daily basis. you should have seen my spam count then!"

    Yeah, yeah...but how much money did you make?

  23. One man can bring down the internet? by spge · · Score: 3, Interesting

    I find it very hard to believe that it is this straight-forward for one individual to potentially bring down the entire internet infrastructure. The Register reported on this story and said, "Anti-spam firm Blue Security is to cease trading after deciding its escalating conflict with a renegade spammer was placing the internet as a whole in jeopardy." It went on to say, "During an ICQ conversation, PharmaMaster told Blue Security that if he can't send spam, there will be no internet."

    I suppose the most concerning part of this story is the bit where bribery appears to persuade a top ISP to make some dodgy configs:

    "According to Blue Security, a renegade Russian language speaking spammer known as PharmaMaster succeeded in bribing a top-tier ISP's staff member into black holing Blue Security's former IP address (194.90.8.20) at internet backbone routers. This rendered Blue's main website inaccessible outside Israel."

    This story smells a bit.

  24. We're going about this the wrong way by netruner · · Score: 4, Insightful

    The bad guys won this time because we tried to match force with force. I've said it multiple times in this forum - we have to accept that spam isn't going to go away. The only way we're going to get it down to an acceptable level is to make it not worth doing.

    Filtering is one way, but basing it on the raw content of the email won't work. If there was a public key repository where legitimate users placed a public key for decryption, and all legitimate email were sent encrypted with the corresponding private key, the authenticity of the email could be known. Then, if someone starts making a nuisance of themselves, they could get their public key revoked. If this method were used, filters could be made to only let through emails that decrypted with the public key of the sender.

    Let's face it, spam is a fact of life. Remember that you're up against people who do this as their 9-5er with no regard for law, ethics or their public image if you want to go the force-vs-force route.

    --



    DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
    1. Re:We're going about this the wrong way by Professr3 · · Score: 2, Interesting

      The problem is, fighting a large force with a concentrated force never wins. The trick, both here and in the real world, is guerilla warfare. At the bluefrogfanclub site, talks are underway about rebuilding the Frog in a P2P form. Since P2P is much more decentralized than a single bluesecurity.com site, hopefully it will be harder to hit by spammers.

  25. This works ... 100% effective in killing off spam by tomhudson · · Score: 3, Interesting

    At this point I'm convinced that the only solution is a worldwide series of gory murders of spam kings with "death to spammers" written on the walls at the crime scenes in the spammers' blood.
    Someone beat you to it ... As described here or here.

    Be pretty hard to get a murder conviction ... after all, there are literally MILLIONS of people with a motive ... I can picture it now ... the jury is deliberating, and says "the spammer got his skull crushed in ... sounds like he got off too lightly, dah?"

  26. Good riddance. It never really worked anyway. by leonbev · · Score: 2, Informative

    Sad to say, but the BlueFrog anti-spam client never really worked correctly. I tried it for two weeks, and found that it often failed to successfully report any spam at all about 1/3rd of the time. Even when it did work, it never seemed to cut down on my spam at all. If anything, the amount of spam that I'm getting now has doubled, since some spammers seem to be intentionally retaliating against me and sending me a dozen copies of the same spam mail over and over again. I went from getting 50 spam messages to 100 spams a day, and I did nothing to promote my e-mail addresses during that time besides installing BlueFrog. Thanks for nothing, guys.

  27. Some hard numbers by Anonymous Coward · · Score: 2, Interesting

    According to my university's spam filter, up to 25 percent of all incoming messages from off-campus addresses are spam!

  28. Spammers are the wrong enemy by linvir · · Score: 3, Insightful
    The king spammers are too powerful. If it's vigilante action you're after, it seems that the right people to attack are their customers. Bluesecurity would have done better if they'd sent the opt-out requests to the companies being advertised.
    This person has received a promotional email advertising your product, and is not interested in it. They have authorised us to advise you of this on their behalf. Please inform your advertising provider of this and ask them to remove this user from their list.

    And underground, it'd also be helpful to DDoS the fuckers. The problem with that is that the dickhead 13 year old kids running the botnets don't care about spam.

    1. Re:Spammers are the wrong enemy by Ivan+Todoroski · · Score: 2, Informative

      Bluesecurity would have done better if they'd sent the opt-out requests to the companies being advertised.


      Um... which is exactly what they did?

      Quote from their overview page:


      "Consumers using the Blue Frog client, report their spam for analysis by our team of experts that examine these messages and verify they are indeed spam. The web sites advertised in these messages are identified and reported to the ISPs hosting them, as well as to law enforcement agencies and other organizations.

      Additionally, Blue Frog clients installed on consumers' machines, automatically post opt-out requests on the sites advertised by spam, encouraging their owners to remove all addresses listed in the Do Not Intrude Registry from their mailing lists. Opt out requests are anonymous and do not reveal our customers' identities or email addresses."


      (emphasis mine)

      They struck at the very core of the spammers' financing. Why else do you think the spammers reacted so violently? They had the right idea, just not the balls to see it through. Hopefully someone else can pick up the torch. If anyone knows of a service similar to Blue Frog, I would be very interested.
  29. Re:Third Choice? by ovit · · Score: 2, Interesting

    Exactly. When no-one has a monopoly on the use of force, then using force to respond in kind is fair and just. It's called not letting yourself become a helpless victim.

          td

  30. Attack where it hurts by Opportunist · · Score: 2, Interesting

    You can't fight spam at the originating point. More often than not it's sent through hijacked PCs. Hitting them won't help anyone.

    So you have to hit the site that's been advertised by the spam. P2P has been mentioned as the "way to go" to avoid a similar fate. And the dangers of "seed poisoning". This can be circumvented. Have the clients "read" the spam folder of the participating person. Have them exchange their spam folders. Have them count the messages received. And once a critical amount of similar or identical messages have been identified, have them hold a vote who's going to get it for the next, say, 8 hours.

    This all can be done without the participation of a host.

    Now, of course someone could send around some spam to, say, shoot at Microsoft. How to prevent that?

    Well, spam needs some time to propagate. This time can be used to update some whitelist. This whitelist, again, would have to be administered decentralized. I.e. you declare something "not spam". If enough people call spam "no spam", the attack won't happen. At the same time, run a blacklist that lets you identify something "clearly as spam", which puts more weight behind the counter.

    If something has circulated for 2 days or more and is still labeled "Spam", the flood rolls in. Yes, I'm aware that quite a few spam-ad'ed servers are hijacked too. That's why the attack should not run for more than about 2 hours. Should give the admin there a good heads-up, to say the least, and take a look at his setup. Should he not wise up, the next one runs for 4, then 8, 16, 24 hours and so on.

    Still needs some fleshing out, but I guess that'd be a way to run it.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  31. Can't fight fire with fire by portwojc · · Score: 2, Interesting

    "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

    You started the fight and you expected them to buckle but you forgot one thing. They don't care if what they do is illegal. You do.

    They will keep sending their junk and if you think they will ever stop you are naive. You can't stop them from doing it. You have to accept that first and then come up with a method that will just make it harder for them to get their junk out.

  32. Right by SmallFurryCreature · · Score: 2, Insightful
    You are an ISP; that means your business is getting people to pay you to let them on the internet. Now try to do this. Block people from the internet if they are not running proper software. How many seconds do you think it will be before people switch to a provider that doesn't block bots? Because people don't care they are infected; they just want to be hassle free. Until their computer blows up they don't want to know that their machine is a bot.

    Any more than people want to know their 3 ton car is causing global warming. Imagine if Shell refused to sell gas to cars that do not have a certain fuel efficiency. How long would they stay in business?

    It is one of the reasons libertarians are wrong. A lot of things can only happen because they are written down in law.

    Should there be a law that forces ISPs to shut down bots? Well, it all depends on the kind of internet you want. A totally free one that is controlled by criminals or a non-free one that is controlled by the state.

    Cause freedom doesn't exist. There is always someone in control. For now it is the spammers.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  33. Never signed up for this by linvir · · Score: 2, Insightful
    It's exactly what I signed up for. Maybe they got the majority of their users before the DDoS, but I only signed up once it turned ugly, and a lot of people here would say the same.

    This really demonstrates the need for a distributed version. Not only is the centralised architecture easy to attack, as we saw with BS vs PM, but also it's at the mercy of its operators. A living breathing antispam system was in place, with many willing users, but had to be shut down because the tiny head at the top of the body wanted out. If it was less monolithic, head shots wouldn't even exist.

    Tie that in with my other idea, and maybe there's a good method in there somewhere.

  34. LET'S CONTINUE THE FIGHT (pls read) by Spy+der+Mann · · Score: 3, Interesting

    Bastards! They deleted the source files! They could at least give the source code for us to share.

    Anyway, this clearly gives us one choice: Decentralizing Blue Frog.

    The concept has been proven. Flooding the servers with opt-out requests.

    So I propose this: Make a decentralized "black frog" which directly analyses the e-mails and begins doing what Blue Frog did. But this time, it's per-user.

    If anyone wants to start the Black Frog project, give me a message (my gmail address is posted in my account).

    The concept is this. Instead of asking the spammers to download the "do not intrude" list, hash your own mails using the following formula:

    hash = substr(SHA1(e-mail),32). And in the post tell the spammer to remove this hash from their mailing list. (We can include random hashes to make it blurry).

    If anyone wants to start the project, I'd be happy to organize it.

    We need:

    * At least one person with access to the Blue Frog sourcecode, or someone who has helped in programming the Blue Frog
    * Lots of programmers
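The hashed opt-out idea from the comment above, seen from both sides, as an added example; it is not Blue Frog code and not something the commenter posted. The function names, the case-folding step and the reading of substr(SHA1(e-mail),32) as "the first 32 hex digits" are assumptions made here.

```python
import hashlib
import secrets

# Assumption: "substr(SHA1(e-mail),32)" is read as the first 32 hex digits (128 bits)
# of the SHA-1 hex digest; the comment does not say which end is kept.
TOKEN_HEX = 32


def token(address):
    """Truncated SHA-1 of the address, case-folded so both sides hash the same string."""
    canonical = address.strip().lower()   # assumption: compared case-insensitively
    return hashlib.sha1(canonical.encode("utf-8")).hexdigest()[:TOKEN_HEX]


def opt_out_tokens(my_addresses, decoys=3):
    """What the user posts: real tokens mixed with random ones ("to make it blurry")."""
    tokens = [token(a) for a in my_addresses]
    tokens += [secrets.token_hex(TOKEN_HEX // 2) for _ in range(decoys)]
    return sorted(tokens)                 # sorting hides which entries are real


def scrub(mailing_list, posted_tokens):
    """What the list holder does: drop every address whose token was posted."""
    posted = set(posted_tokens)
    kept = [a for a in mailing_list if token(a) not in posted]
    removed = [a for a in mailing_list if token(a) in posted]
    return kept, removed


if __name__ == "__main__":
    # Constructed addresses on reserved example domains.
    posted = opt_out_tokens(["Alice@Example.org"], decoys=4)
    print(scrub(["alice@example.org", "bob@example.net"], posted))
```

The list holder learns only which of the addresses it already holds asked to be removed; the decoy tokens match nothing on a real list.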

  35. Writers class 101: Define before use by Idaho · · Score: 3, Insightful

    "Our users never signed up for this kind of thing. You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"

    What kind of thing? What kind of effective method has been found to do, what exactly? What is "this" concept we are talking about?

    I read this site (almost) daily but have never ever heard of this company before. As it is apparently some kind of small startup, I'd imagine many others around here have never heard of them, either.

    Without any context, this "article" is pure gibberish. Maybe it makes sense after reading the linked article (which, I'll admit in good /. style, I haven't *yet* done), but can we please at least try to make somewhat clear what an article is about, so that everyone can decide for himself whether this subject is of interest to them in the first place?

    --
    Every expression is true, for a given value of 'true'
  36. Re:Third Choice? by PFI_Optix · · Score: 3, Interesting

    Back when it was possible to track down the spammers and e-mail them easily (~1998) I did this sort of thing on my own.

    If I got spam from someone, I sent them an e-mail asking them to stop. When I got another one from them, I sent two. Then three, four, and so on. I made liberal use of free e-mail so they couldn't filter out my addresses, and eventually spammed one guy with 98 e-mails before he relented.

    Multiply that by 500,000 users and you'd get one nasty spam attack. That's what these guys deserve: to get one e-mail for every e-mail they've sent to each address. Tens of millions of e-mails flooding their inboxes.

    --
    120 characters for a sig? That's bloody useless.
  37. Re:Third Choice? by Tom · · Score: 4, Insightful

    I don't necessarily think that vigilantism is the answer,

    Why not? It obviously is. Nothing else is working. Once a few spammers have died horrible deaths, or have been mutilated, tortured, branded and hung out in the marketplace covered in honey with a big ant colony nearby, there just might be a reduction of spam.

    Spamhaus knows the top 200 or so spammers, many with addresses. $1 from everyone who hates spam and there's a pretty good bounty, and it is cheaper than installing new filters all the time.

    --
    Assorted stuff I do sometimes: Lemuria.org
  38. Re:Third Choice? by jackbird · · Score: 2, Interesting

    I was in exactly the same boat until my host made graylisting on their servers. It's gone from 3000/day down to 30 or so. The only problem is that some legit emails from domains with long retry waits don't arrive for hours, but it's uncommon, and adding them to the whitelist solves it.

  39. Re:Email is broken by Tim+C · · Score: 3, Insightful

    There's nothing stopping me shitting in the reservoir. Does this mean that tapwater is dead?

    If you do that sort of thing enough, you will be tracked down and (if caught) prosecuted.

    The same apparently cannot be said of spammers - or at least, not the ones that pick on individuals. I imagine that the story would be different if they chose to forge addresses from amazon, google, microsoft, etc.

  40. Re:This works . 100% effective in killing off spam by l33t+gambler · · Score: 2, Informative

    Russian Police Claim Biggest Spammers Murder Solved

    The police also examined another lead suggesting that Kushnir could have been attacked by robbers.

    On Sunday the Moscow criminal investigation directorate detained a group of young people on suspicion of murdering Kushnir with a view to rob him. The investigators believe that a 15-year-old girl and two boys, 18 and 17 years of age, along with a 27-year-old accomplice had broken into Kushnir's apartment.

    One of the boys wielded a baseball bat which he used to beat the man to death. The detainees insist Kushnir had invited them to his place himself where he made passes at the girl by the name of Vika. Her friends tried to stop him, then Kushnir grabbed a knife and the young men hit the man with an empty bottle on the head in order to defend themselves.

    http://mosnews.com/news/2005/08/15/kushnirinquiry.shtml

    --
    Teasing the nobles, and rightfully so!
  41. been hit by a phonebook attack yet? by spun · · Score: 2, Interesting

    Catchall accounts are so much fun when a spammer decides to phonebook your site. Abby@yoursite.com, Abby.Adams@yoursite.com, Abby.Alda@yoursite.com, Adelaide@yoursite.com, Adelaide.Adams@yoursite.com, and so forth, just send email to every-name-in-the-phonebook@yoursite.com and some are bound to get through, right? One of my clients got 40-50 thousand emails in one day this way.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  42. Re:Third Choice? by Geno+Z+Heinlein · · Score: 2, Insightful

    I don't necessarily think that vigilantism is the answer...

    Vigilantism is exactly the answer. For some reason, there's this idea that people aren't supposed to "take the law into their own hands". Well, who is supposed to maintain the law? The authorities? They can't do it. If every last cop on every last police force was Joe Friday, they still wouldn't come close to having the manpower to control traditional crimes, let alone email spammers.

    More to the point, every last cop on the force isn't Joe Friday. Frank Herbert wrote that the saying "power corrupts" needed to be re-written as "power attracts the corruptible". With profound respect to those who become the authorities of society because they genuinely want to make the world a better place, there are also lots of people who do it because they want the power. From street cops to the presidency, we have seen that bad people are drawn to power. The worst ones are on the take, beating people who surrender, invading other countries without justification, passing legislation that favors institutions over individuals, and so on. The ones who are just misguided genuinely believe that only particular, designated officials should run a society. Both types support the idea that people aren't supposed to take the law into their own hands.

    How does all this happen? How do people get into situations where bad people ruin things and nothing can be done? Because there are people who don't believe in taking the law into their own hands. Because there are people who believe that making things better is a job for someone else, not a sacred trust. Because there are people who don't feel like this is their world. And because lots of people who care only for themselves are willing to take advantage of people who don't believe in vigilantism.

    Of course, the word "vigilantism" is not a native part of my vocabulary. I have another word that I use there. Let me rewrite the original statement: "I don't necessarily think that responsibility is the answer..."

  43. Re:Email is broken by jc42 · · Score: 4, Insightful

    A new protocol will help greatly, but it won't stop the REAL problem which is people shitting in communal waters.

    Interesting metaphor. Fact is that public waters tend to be full of shit, and there's nothing we can do about it. Reservoirs are routinely colonized by fish, waterfowl and aquatic arthropods, which eat the plants and each other and shit out the waste. Water supplies can only minimize this; they can't prevent it. So, rather than fighting a hopeless battle and delivering contaminated water, they accept the situation. They try to keep the reservoir somewhat clean, but they also filter and sterilize the water while delivering it.

    It's likely that the same situation with email is permanent. Attacks can cut down somewhat on spammers, but like the insect larvae in the reservoirs, there will always be spammers in the internet. Delivering clean email will require filtering and decontamination software. We already have lots of it in place, and it's likely that we will always need it.

    There will always be hucksters and scammers out there trying to separate us from our money.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  44. Re:The google of all mothers by MountainLogic · · Score: 2, Interesting
    The other co-dependent in spam are the credit card companies. They make a killing off of the transactions. If VISA were to pull the plug on any company that allows their account to be used by spammers we would see an instant end to spam. Call up your bank and ask why they allow their visa accounts to be used for spam.

    There is a simple way for the states to end spam. Require a 1 year period for any person who buys something from a spam message to get their money back---for any reason. The banks would not be willing to be on the hook for this so you would see the end of accounts to spammers.

  45. Re:Can I just say... by mogrify · · Score: 2, Interesting

    Well, sure - it's an escalation, there's no doubt about that... but I'm game anyway, and I bet a lot of other people are too. Here's the thing:

    Blue users are generally security-conscious. They probably use various antivirus technologies already, and can spot social-engineering techniques a mile away. Most ISPs and webmail providers provide automatic virus scanning anyway, and some ISPs provide a free copy of AV software. So there would be many Blue users who would be confident of weathering a storm of virus-infected email.

    So, why not ask them? It's an active community with a lot of communication channels. Why not explain the risks to Blue users and require a new opt-in for the continued fight? Some would drop out, sure, but many (most?) would stay on. They joined to be proactive against the black hats. Why would they quit when it starts getting good?

    Which brings me to another point: the website is down. Completely down. The DNS resolves, but the server is off. This is not an appropriate way to go out. Sure, shut down the reporting service if that's your decision, but to bring down your homepage on short notice does a disservice to the loyalty of the Blue community. Where's the opportunity for discussion, for disseminating information? Even just a "<p>We're closing our doors. Thanks for all the fish.</p>" would be better than this.

    I don't know. I don't agree with how this is being handled; it seems unprofessional and defeatist. And basically just disappointing.

    --
    perl -e 'foreach(values %SIG){$_="IGNORE";}while(){}'
  46. Re:This works . 100% effective in killing off spam by visgoth · · Score: 3, Interesting

    Pin a medal on their chests! That's one less piece of shit filling my inbox.

    --
    My patience is infinite, my time is not.
  47. Re:Third Choice? by Ponga · · Score: 2, Interesting

    Yep. Greylisting rocks, no doubt about it. However, the party might be over my friend. I am seeing more and more spam these days because more and more hosts (zombies, open relays, etc.) are retrying with legit reverse PTR records. That's to say, more and more spam bots are getting wise to the idea, and acting more and more like legitimate SMTP servers.
    That is not good news for those of us that use greylisting.
    Have you noticed any increase yourself? I've been greylisting for about 2 years now. Just over the last couple months have I noticed the increase...
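
Added example (not part of the comment above or of any poster's text): a minimal greylisting decision in JavaScript, replayed over constructed delivery attempts, showing the whitelist workaround for slow-retry domains mentioned earlier in the thread and why a sender that waits and retries like a real SMTP server is accepted. The class name, delay values and addresses are assumptions for illustration.

```javascript
// Added example, not code from the thread. Names, addresses and timing values
// are assumptions chosen for illustration.
const MIN_DELAY_S = 300;        // a retry sooner than this is still deferred
const PENDING_TTL_S = 4 * 3600; // unconfirmed triplets are forgotten after this

class Greylist {
  constructor(whitelistDomains = []) {
    this.whitelist = new Set(whitelistDomains.map((d) => d.toLowerCase()));
    this.seen = new Map(); // "ip|from|to" -> { first, passed }
  }

  // Decide one delivery attempt: 'accept', or 'defer' (a temporary 4xx reply).
  check(ip, mailFrom, rcptTo, now) {
    const domain = mailFrom.split('@').pop().toLowerCase();
    if (this.whitelist.has(domain)) return 'accept';

    const key = [ip, mailFrom, rcptTo].join('|').toLowerCase();
    const entry = this.seen.get(key);
    if (!entry || (!entry.passed && now - entry.first > PENDING_TTL_S)) {
      this.seen.set(key, { first: now, passed: false }); // new or stale triplet
      return 'defer';
    }
    if (entry.passed) return 'accept';
    if (now - entry.first < MIN_DELAY_S) return 'defer'; // retried too quickly
    entry.passed = true; // waited and retried, as a queueing MTA does
    return 'accept';
  }
}

// Constructed attempts: [time in seconds, connecting IP, MAIL FROM, RCPT TO].
const SAMPLE_ATTEMPTS = [
  [0, '192.0.2.10', 'promo@bulk.example', 'user@yoursite.example'],   // never retries
  [5, '198.51.100.7', 'alice@partner.example', 'user@yoursite.example'],
  [10, '203.0.113.5', 'billing@slowretry.example', 'user@yoursite.example'],
  [20, '192.0.2.44', 'offer@bulk.example', 'user@yoursite.example'],  // retrying bot
  [60, '192.0.2.44', 'offer@bulk.example', 'user@yoursite.example'],
  [400, '192.0.2.44', 'offer@bulk.example', 'user@yoursite.example'],
  [905, '198.51.100.7', 'alice@partner.example', 'user@yoursite.example'],
];

function replay(greylist, attempts) {
  return attempts.map(([t, ip, from, to]) => greylist.check(ip, from, to, t));
}

function demoGreylist() {
  return replay(new Greylist(['slowretry.example']), SAMPLE_ATTEMPTS);
}
```

The one-shot sender at 192.0.2.10 never gets past its deferral, while 192.0.2.44 is accepted on its third attempt: greylisting only filters senders that do not queue and retry.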

  48. WRONG! It's an ECONOMY problem. by Spy+der+Mann · · Score: 2, Insightful

    but spam is a problem of traffic

    NO! SPAM is a problem of bandwidth STEALING! Spammers are using OUR bandwidth to GAIN MONEY.

    Remove one of the two (our bandwidth, or their money) and we'll solve the problem.

  49. Re:This works . 100% effective in killing off spam by tomhudson · · Score: 3, Funny

    One of the boys wielded a baseball bat which he used to beat the man to death. ... in related news, sales of the special Louisville "Kushnir Krusher" Sluggers are expected to more than double this year.

  50. Re:How? by Plunky · · Score: 3, Informative
    How exactly did this work?
    I understand the idea was to SPAM the Spammers.
    But who exactly did they spam? The spoofed addresses? The owner of the original IP?

    In the USA there is legislation that attempts to legitimise sending of unsolicited commercial email. This is the Can-Spam act and says among other things that if you want to send such, you must provide an opt-out method for people who don't want to receive it.

    Obviously this only applies to US businesses who want to send junk emails, but there are plenty of those - and they think that because they follow the rules and provide an opt-out that it's legitimate business.

    Now, these companies contact or are contacted by somebody who is willing to send out bulk emails on their behalf for a fee. Often this turns out to be a scumbag bot operator in another country and as such is not subject to the US rules. These guys are beyond any law except the law of supply and demand.

    What the Blue Frog people did was set up a system where you could forward junk mails to them, and they would discover the originating business and automatically fill out an opt-out request for you. This costs the US companies who are trying to run a business time and money to process and makes it less attractive for them to pay the spam kings to send the bulk mail and thus reduces demand.

    Less demand is less money for the spam king and one or more (I would not be surprised to find a cartel) decided to attack Blue Frog.

  51. The problem is a naive attitude by fm6 · · Score: 2
    Your question is based on a faulty premise: the best way to fight fire is with fire. That just leads to a burnt-out neighborhood, as Bluesecurity discovered. If you use a criminal's weapons against them, you will lose — they have more experience and better resources than you do.

    We will have spam as long as we rely on an email system that relies on the good citizenship of senders. The only fix is a new system where you can't create a new identity just by modifying your email header.

  52. Re:Third Choice? by Acer500 · · Score: 3, Insightful

    While I do hope someone does something about spam, I'm not certain if vigilantism is such an answer... just think if one of Spamhaus's 200 spammers is mis-identified.

    We have been mistaken for spammers once, and it's not nice, we were blacklisted for 3 days before we convinced the blacklisters that we were a legitimate business, during that time our sales people had a hard time (and no we don't send newsletters or nothing of the kind, just business email).

    Being DOS'd or some of the scarier options proposed does not sound good to me.

    --
    There are three kinds of lies: lies, damned lies, and statistics.
  53. Re:Theology by SatanicPuppy · · Score: 2, Insightful

    The question is, are you giving them the way out, or are you leading them into damnation? You're assuming that your interpretation is the only possible true interpretation, and that therefore you have the right & duty to enforce that interpretation on people who disagree with you. That is incredible hubris.

    In the modern day, we see a lot of people judging and throwing stones, and claiming that they're right to do so. Now, I'm no biblical scholar, but I'm pretty sure that both the OT and the NT are pretty specific about people usurping the prerogatives that belong to god.

    Let me be blunt: It is not given to you to be judge and jury to your fellow man. No one appointed you the sole keeper of god's laws, and nothing makes your interpretation of those laws superior to another's.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  54. Next is Nagasaki by Ungrounded+Lightning · · Score: 2, Interesting

    That's one. It will take at least two.

    (Given that the police are saying this one may be unrelated to spamming, it may take at least two MORE.)

    Hiroshima showed Japan that the US COULD make and deliver a nuclear bomb.

    The Japanese generals knew what it was, because they were working on one themselves. At that point, many of them thought the war was lost, and were prepared to surrender. But some of them argued that collecting and processing the necessary materials was such an effort that the US probably only HAD one and wouldn't have a second for a long time.

    Nagasaki showed Japan that we had more than one. This left open the possibility that the US might be able to keep this up - once a month, once a week, once a day, once an hour - until Japan was all rubble and slag. So enough of the rest threw in the towel, too, for Japan to submit without total loss of honor - and thus drastically cut the loss of life on both sides.

    A deterrent doesn't deter until there is reasonable expectation that it may occur. One dead spammer - who may be dead for other reasons than spamming - might make them think a little. But it will take at least two dead spammers - unambiguously dead because of their spamming - to provide enough datapoints for the intelligent among the pack to start including it in their cost-benefit analyses.

    Please note that I'm NOT advocating the wholesale and gory murder of spammers. I'm just noting that, if that DOES end up being the solution (or even a component of it), it won't be limited to one bloody corpse.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  55. Re:Theology by SatanicPuppy · · Score: 2, Insightful

    Interesting point. I am not, as you seem to be suggesting, an ethical relativist. On the other hand, Christian dogma is so amazingly fragmented it would be difficult to attribute anything like a consistency of belief across the whole of the religion.

    My point, thus, is that, where there is doubt, there should be circumspection. I've never heard a defense of murder, for example, that would appeal to a rational audience. On the other hand, biblical passages have in times past been used to justify murder, for example, the Salem Witch Trials.

    Now while I hold that anyone who feels strongly that witches should be burned has every right to that belief, I strongly object when they try to impose that belief on a world that disagrees. Likewise with the modern evangelical tradition of deciding, arbitrarily, on what constitutes the truth, and then attempting to force that belief on all and sundry. They would certainly expect their beliefs to be honored...indeed recent history can be conclusively shown to demonstrate a tendency on the part of evangelical christians to hysterically denounce any and every action that they feel impinges on the fullness of their belief (e.g. The "Holiday Tree" debate, and others).

    Now, historically, there has been a way around this impasse of beliefs that I'm going to refer to as laws, which, for the purposes of discussion, we can think of as "enforceable beliefs" that are agreed on by people who otherwise have different belief structures. Now recently, the evangelical types have taken to thinking of any "belief" (be it legal, moral, logical, or scientific) that runs counter to their own beliefs as less valid, and, indeed, a purely personal attack on their correct beliefs.

    Now my argument, if you would call it thus, is simply to point out that, with so much disagreement on the fine points as it were, of their beliefs, it would be wise for them to accept, with some Christ-style holy humility, that other people are also entitled to beliefs, before their hysterical intolerance breeds domestically the very same problems we see all over the world.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  56. Re:Theology by SatanicPuppy · · Score: 2, Informative

    His post was much more articulate. Also, I would have to say that, if you were trying to say the same thing, you failed utterly.

    His point was that my point contained a logical inconsistency, whereas your point, and correct me if I'm wrong here, was that preaching to everyone who one would happen to meet on the streets was a moral imperative, and the refusal of the passerby to listen would necessarily encompass the destruction of their nation, or a 40' drop, depending.

    While I view his post as a bit of a logical nit-pick, as he is clearly willfully missing my point of tolerance, I view your post as a good example of the sort of obstinate "I'm right and you're wrong" arrogant, and intractable belief system that I'm talking about. God very clearly spelled out his command to Israel in the OT, and they skipped it, and paid the price. Well and good.

    I am unaware of any modern commands so explicitly laid out. All modern imperatives, in fact, seem to be originating with a group of intolerant demagogues who remind me much more of Pharisees than Christians, who preach out of temples with built-in ATMs and gift shoppes, while claiming, with no sense of shame, to be in complete understanding of the mind of god.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  57. Re:Email is broken by fredklein · · Score: 2, Interesting

    I have a simple, foolproof idea to help eliminate spam.

    Email certification.

    If you want to be able to send Certified Email (CE), you apply for Certification from the company that gives you internet connectivity. They check you out, and 'Certify' you as being a legitimate emailer (ie: not a spammer). Then, you generate a private/public key pair and give them the public one. In the headers of all your email, is their certification, and an encrypted header line that's created using your private key.

    When email arrives at the recipients server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does, it marks the email as 'certified', if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.

    Due to the public/private key cryptography, there can be no certified email spoofing. (Assuming the private keys are secure, the keys are of decent length, etc.) All emails are traceable back to the originating server. CORRECTION- all CERTIFIED emails are traceable. Anonymous email is still possible. People can still set up email servers for mailing lists without "having" to get them certified. And people can still receive non-certified mail.

    If an email server sends out spam, the complaints go to its certifier. They can drop the certification, deleting the public key from their server. When this happens, ALL the email from the spamming server is now 'uncertified', and gets handled accordingly by email clients. If nothing is done, complaints go to THEIR upstream, etc. Individuals and groups can keep their own blacklists, if they wish, and anyone can choose to filter emails according to those lists.

    Now, I've looked over that 'form email' that people like to post to shoot down anti-spam ideas. And nothing applies to this idea. (If something seems to apply, it's because I either left out details, or explained something wrong.) This idea does NOT need to be universally adopted, nor does it need to be adopted by everyone all at once. It's primarily a way of reliably tracing (certified) emails back to their originating server. The anti-spam part comes later: if you receive certified spam, complain and get the server un-certified. If you receive un-certified spam... well, just have your email client dump all uncertified emails in the trash. (Not necessarily, you could just use its un-certifiedness as a factor in filtering your email.)

    This idea does not require anything be changed with SMTP. It simply requires a second connection be made to the certifying server. Now, before you bitch about the extra bandwidth, I'd like to remind you that, once this idea catches on, spam will be greatly reduced. This reduction will MORE than make up for the slight increase in bandwidth created in querying the certifying servers. Also, the certifying servers can set time limits on when the certifications expire, and need to be re-downloaded (kind of like DHCP leases). A 'new' company that just applied for certification might have its certificate set to expire almost instantly. This way, every email they send requires a download of the certificate. This allows the certificate to be pulled rapidly if they start spamming. After a month or two, it could be set to expire weekly or monthly.

    To sum up: Email Certification is a reliable way of tracing the certified emails back to their originating server. This allows spammers to be identified unequivocally, and have their certification pulled. Email servers are NOT required to be certified, and anonymous email is still possible. Email recipients can, if they choose, set up their client to send uncertified emails to the trash, or to handle them however they wish. White lists and black lists are still possible. 'Hobby mailing lists' are still possible, certified or not. The extra bandwidth is minimal, and easily overshadowed by the reduction in spam being sent once spammers realize no one is even seeing, much less reading or replying to their spam.
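
Added example (not part of the comment above): the certification flow it describes, sketched in Node.js with the certifier lookup done in-process instead of over the network. The class, field and host names are hypothetical, and an Ed25519 signature over the claimed sender, From, Date and a body digest stands in for the comment's "encrypted header line".

```javascript
// Added example, not code from the thread. Class, field and host names are
// hypothetical; an Ed25519 signature stands in for the "encrypted header line".
const nodeCrypto = require('crypto');

// The upstream that vouches for a sending server and publishes its public key.
class Certifier {
  constructor() { this.keys = new Map(); } // senderId -> { publicKey, leaseS }
  certify(senderId, publicKey, leaseS) { this.keys.set(senderId, { publicKey, leaseS }); }
  revoke(senderId) { this.keys.delete(senderId); }
  lookup(senderId) { return this.keys.get(senderId) || null; }
}

// Bytes covered by the signature: claimed sender, From, Date and a body digest.
function signedBytes(msg) {
  const bodyHash = nodeCrypto.createHash('sha256').update(String(msg.body)).digest('hex');
  return Buffer.from([msg.senderId, msg.from, msg.date, bodyHash].join('\n'));
}

// Sending server: attach the signature as an extra header field.
function signMessage(msg, privateKey) {
  const sig = nodeCrypto.sign(null, signedBytes(msg), privateKey);
  return { ...msg, certSignature: sig.toString('base64') };
}

// Receiving server: look the key up at the certifier, cache it for the lease.
class Verifier {
  constructor(certifier) { this.certifier = certifier; this.cache = new Map(); }

  keyFor(senderId, now) {
    const hit = this.cache.get(senderId);
    if (hit && now < hit.expires) return hit.publicKey;
    this.cache.delete(senderId);
    const rec = this.certifier.lookup(senderId); // the "second connection"
    if (!rec) return null;                       // unknown or de-certified
    this.cache.set(senderId, { publicKey: rec.publicKey, expires: now + rec.leaseS });
    return rec.publicKey;
  }

  classify(msg, now) {
    if (!msg.senderId || !msg.certSignature) return 'uncertified';
    const key = this.keyFor(msg.senderId, now);
    if (!key) return 'uncertified';
    const sig = Buffer.from(msg.certSignature, 'base64');
    return nodeCrypto.verify(null, signedBytes(msg), key, sig) ? 'certified' : 'uncertified';
  }
}

// Constructed scenario; times are seconds on an arbitrary clock.
function demo() {
  const sender = nodeCrypto.generateKeyPairSync('ed25519');
  const other = nodeCrypto.generateKeyPairSync('ed25519');
  const certifier = new Certifier();
  certifier.certify('mail.newco.example', sender.publicKey, 3600);
  const verifier = new Verifier(certifier);
  const draft = { senderId: 'mail.newco.example', from: 'sales@newco.example',
    date: 'Mon, 01 Jan 2024 12:00:00 +0000', body: 'Invoice attached.' };
  const msg = signMessage(draft, sender.privateKey);

  const out = {
    genuine: verifier.classify(msg, 0),
    tampered: verifier.classify({ ...msg, body: 'Changed in transit.' }, 10),
    spoofed: verifier.classify(signMessage(draft, other.privateKey), 20),
    unsigned: verifier.classify({ from: 'someone@list.example', body: 'hi' }, 30),
  };
  certifier.revoke('mail.newco.example');              // complaints upheld
  out.revokedInsideLease = verifier.classify(msg, 1800); // cached key still trusted
  out.revokedAfterLease = verifier.classify(msg, 3601);  // refetch finds no key
  return out;
}
```

In this scenario mail from the de-certified server still classifies as certified until the cached lease runs out, which is the gap the short initial lease for new senders is meant to close.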