Slashdot Mirror
BlackFrog to Take up BlueFrog's Flag
Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."
Link to the project website.
How long until some hacker poisons the peer system into spamming a legitimate site?
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I bet this was totally unexpected here ;-)
"Social" internet might not sound that great, but at least it has some great advantages like this (I dont consider file sharing an advantage, but fighting against SPAM is).
Sounds sort of insecure for a project like this to be openly editable to the public via a wiki and p2p network.
just too bad that someone couldn't get this into the BlueFrog stuff before it died.. atleast then they would have a large userbase.. but if the Blue peps are the ones that look at the e-mails to make sure someone isn't being evil and submitting normal HAM - how is that going to work without master to authorize the clients???
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Just as a correction folks, it's not called "Black Frog" this is a mix up. There was two projects. Black Frog and Okopipi aiming for the same goal. Black Frog stopped and the people joined Okopipi.
I hope that people from bluefrog will release source of their utility. This new initiative could surely benefit from their sourcecode.
#
#\ @ ? Colonize Mars
#
Hmm, wont it be amusing for user's PCs to be spamming as part of an hidden botnet and running this at the same time. Hope their not on dialup.
I think one of the most genial spamtools is SpamCannibal
http://www.spamcannibal.org/cannibal.cgi
I can imagine the slew of whiners who will complain about such a vigilante approach to this problem.
Well, remember Firefox, "We're taking back the web"? That's exactly what we're doing here. It's the only strategy that's going to work. Bitching and moaning won't get you a clean mailbox. Taking spammers down will.
If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-sponsored vigilantes.
Global warming is a cube.
I thought the reason Blue Security closed shop was because the spammers had diff'd their user database, identified quite a large amount of the participants, and then threatened virus attacks directed at them. Not because of the DDoS.
...
Blue Security Gives up the Fight
The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
"It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."
I'm guessing the only real difference is that users will know this time around.
From their wiki:-
Okopipi will automatically click the "opt-out" or "unsubscribe" links contained within the emails and/or report the spam to the appropriate authorities.
I thought that it was generally a bad idea to click unsub or opt-out links in Spam messages since it only server to prove they have a valid email address and the receipient actually reads Spam messages.
I have no sig yet I must scream.
dude, that was so lame... you tried to make a fp and clicked on the wrong article. LOL!
The more successful it is, the more the Internet will be too bogged down to be useful to anybody.
Also, if someone programs the botnet's to evolve to attack each other better, we're talking SkyNet right around the corner.
But are you writing spam? Or just lost?
Every spammer gets a "Spring Surprise."
m
CrunchyFrog explined. http://orangecow.org/pythonet/sketches/crunchy.ht
Ok folks, let get a few things straight.
Blue Frog was NOT effective not as a denial of service attack or distributed denial of service attack. It was never meant or designed to be. The Russian spammer said it himself - they never brought down our servers, they only served as "a daily nuisance". The nuisance was this: for every spam that the spammer sent to the some 500,000 Blue Frog members, an automated script (bot) visited the website advertised and filled out the form for snakeoil, home refinancing -- whatever was being hawked. But instead of filling it in with valid input from someone interested in what the website was hawking, it filled it in with a legitimate plea from a single person to Opt-out of being spammed further. With me so far?
The spammer -- or worse, the spammer's client -- in turn, goes to check on their database of people or leads to which they can hawk their snakeoil and generic viagra and low and behold, instead of being filled with legitimate contacts of people they can do business with -- it's filled with hundreds upon thousands of opt-out requests.
Undoubtedly there are real requests from potential business contacts in there. But first they have to filter out all the opt-out requests that Blue Frog has submitted.
Sound familiar? It sure does. It's what we've been putting up with for years. We open our Inbox and instead of seeing email from friends and business associates, we first have to sift through and filter a few gazillion pieces of spam -- each with "Hi How are you?" and "Important Account Information" fake titles. Only then can we get down to the email that's actually sent to us. It's a nuisance.
Blue Frog forced spammers to deal with the SAME NUISANCE they cause us. And the spammers didn't care for it too much. They don't care about opt-out requests, the Internet, what people think of them, possible prosecution --- all they care about is making money and they're making it by the truckload. The fact that Blue Frog actually bothered them enough to use their botnets to attack is VERY encouraging. It means we've found a way to kick them in the ass and make it hurt.
Please don't compare Blue Frog or Black Frog to a DDOS or DOS. As the Russian Spammer demonstrated with his attack, what little network disturbance Blue or Black Frog causes for the spammer or spammer client server pales in comparison to a real attack. Mainly because it isn't meant to be an attack in the first place.
If Black Frog ends up with 1,000,000 subscribers, then lets talk DDOS.
Wow, a real live anarchist.
Okopipi is a poisonous blue frog. Quite appropriate I think.
As to the fact that it isn't "marketable", who cares. Would anyone have thought google was marketable before they started? If the product is good enough, the market doesn't care about the name.
You can't trust the "members". Say that a savvy black hat creates many "tainted-members". What happens if the "tainted-members" all report that a legitimate site is spamming?
I think one method for this to work is for each suggested target be evaluated by each member. The member has to agree that this is a valid target before his account participates in the attack.
Black Frog. Easy to remember. Ominous sounding. Appropriate because it's the next generation of Jedi. The Darth Vader to Blue Frog's Blue.
Okopipi is less appropriate because no one knows how to pronounce it. Pronounced correctly, it may end up sounding like 'Ok-Ok I pee-pee!' - which is bad for everyone.
Worse still, it's obscure and spelled oddly and consequently most people are going to mistake it for the name of a new Linux Distro.
I think one method for this to work is for each suggested target be evaluated by each member. The member has to agree that this is a valid target before his account participates in the attack.
So I guess the question is how is this any different from individual users crafting their own attacks? For me the nice thing about Blue Frog was they crafted a script for me that will be used to attack. I'm sure this new project will do something similar.
And I could even see a karma system for the members. Members that suggest valid targets gets modded up.
I'd like to hope Okopipi could make a positive difference, but it cannot, because it is open to exploitation by the very people it's trying to stop.
Okopipi's greatest asset: people who are desparate to stop spam; is also it's greatest weakness, because their frustration sometimes leads them to take ill considered actions without first understanding the facts. Choosing to publish the statement below is a fairly pertinent example:
It's difficult to see any way this statement could be more wrong.
When a state sponsored law enforcement official does their work they are enacting the will of a democratically elected governement. It is a careful and methodical process designed to protect the innocent.
Their job works like this:
The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.
The result is that members of the Okopipi network and innocent bystanders with websites will become the target of the organised crime that is funding the spammers.
At which point your friendly "state sponsored vigilante" is only a phone call away.
boakes.org
I don't see why the froggy approach is the best direction. Yes, I see the logic in fighting fire with fire. But I've heard that water and foam are also used -- sometimes with good effect -- to fight fires. Sometimes axes are also used.
As an email user, I only care about the second objective. (Don't worry, as an Internet user, I realize my self-interest in supporting the first objective, but it seems more directly relevant to network admins and a "tragedy of the commons" problem for the rest of us.)
Permission-based email starts to make real headway on the second objective, but it doesn't seem to be a common offering. I'm pretty sure one of the Baby Bell ISPs offers it, but I forget which one. Does anyone know more about this and which ISPs might offer it?
Better still, does anyone know of an open-source add-on for mail servers that will do this?
"It will be based on a P2P network (the frognet)," according to a posting on the wiki. "On failure to connect it could still opt out given email addresses."
Participants will send reports of spam emails to Okopipi, which will use "handlers", including dedicated servers, to analyse it. To avoid suffering the same fate as Blue Security, Okopipi's staff will not disclose information about its servers.
"Only the Okopipi administrators will know their locations," the group said on its wiki. This should make a DDoS attack "very difficult", it said.
That seems solid, but I wonder how something so open can keep a secret like what and where its servers are. It's beyond me, anyone have more info?
Slashdot Burying Stories About Slashdot Media Owned
Misses the point entirely. If Black Frog ends up with 1,000,000 subscribers, let's talk about forming a PAC and getting legislation passed. Think $5-10 donation per person, with all proceeds going to fund the PAC. Now you can buy laws and screw spammers permanently. You've also got a handy voting bloc for, let's say, the next Presidential race. Before you laugh, remember that the last race was won by a lot less than that.
The Russian spammer said it himself - they never brought down our servers, they only served as "a daily nuisance".
And we know this is true because Russian spammers are known throughout the world for their unassailable truthiness.
Can anyone read the subject line five times quickly and get it right? :)
All your sig are belong to us.
There is a history of this issue and related links here. The castlecops stuff has threads of the original spam message board threads.
When a state sponsored law enforcement official does their work they are enacting the will of a democratically elected governement. It is a careful and methodical process designed to protect the innocent.
Perhaps the GP was from the US, where that doesn't hold true anymore...
I [may] disapprove of what you say, but I will defend to the death your right to say it.
they do in fact don't like it details: http://www.spam.com/ci/ci_in.htm
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Are you saying that we should be fighting spammers with axes?
I'd personally like to collapse their children's skulls with a rusty used camshaft taken from a 1985 Pontiac Iron Duke. Think of an overweight cast iron baseball bat with induction-hardened lobes to ensure non-uniform cranial trauma.
OK, so maybe they should have stuck with Black Frog. It'd probably be even better if it were followed by a parenthetical "of Doom", as in "Black Frog (of Doom)". Now that sounds more like something people should be afraid of.
John
"man, whats this 'ebay' crap? What do oceans have to do with auctions? And why the hell would I buy books from some jungle?"
Maybe they need to form a cooperation then.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
I don't think it's a matter of being interesting or fun. It's a question of whether it is neccessary or not.
Rather than ignoring it and hoping it goes away, how about suggesting an alternative solution to the problem at hand?
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Hey what about a anti spamming version of this toad [en.wikipedia]? XD
Said a million times, I'm sure, but neither blue nor black was a DDOS. One spam received. One response or less sent back as an opt-out. Fair enough. The reason for distributing this is because of the targetting problem.
As far as "poisoning" the black list with a wrong target, who needs to? That would only be an overly complicated form of DDoS attack, which can be accomplished much more simply already. It's not something to worry about yet.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Let's be realistic: It's not. The system is not designed to bomb the spammers, just to send spam back at them IN THE SAME AMOUNT they send spam at us. That is, if a spammer sends you 1 spam message, you send him 1 spam at him. But if he sends you 500.000 spam messages... well, you do the math. I don't see anything illegal on that. Put it this way: if you have 500.000 people in a "club", who take the time every day to do that exact thing manually, would that be illegal? I don't think so. Neither writing a program for doing just that would be "illegal".
"The project should also take care not to cross the line from legitimate spam complaints to attacking spammers using DDoS-like techniques,"
That's what it basically sounds like.
They're automatically doing what spammers wanted people to do, based on the assumption that the spammers didn't set up the infrastructure necessary to support the e-mails they're sending.
Ususally the sites hit were the former home of a spamsite or spammer and at the time of being hit were just the compromised box of an innocent webhost, university computer or other bystander. You can argue all you want about the 1:1 ratio of it, or that networks should be more responsible (I agree) but that doesn't make it right.
:-)
And to the person who said I should suggest something better -- how about a botnet reporting engine to let responsible ISPs know they have compromised machines on their network? Or a system of sifting through whois and domain registration data to determine who the good or bad registrars are out there (like are all phishing sites coming from one policy-loose registrar or not?). Or a system to combat phishing and fraud on the net.
I can come up with a 100 good ideas to make the net a better place and teach you 1000 things about system administration, networking, running big networks, building scalable systems. Take advantage of that, not of the Internet.
Being an operator (sysop/netop) is infinitely better than being a hacker. A hacker just needs to know one way into your system, an operator needs to know all the ways in.
Best,
David
# Hack the planet, it's important.
For me, this would work well with a Thunderbird plugin: Say an option to send the opt-out as a right-click.
I have a catchall account for non-valid email addresses in my domain. Everything that goes there is junk. I could have t-bird's junk filter grab it (mostly it does correctly at this point.), and then when I manually delete stuff, perhaps there could be a right-click to mark as frog-food? (about two thousand a day. fun fun.)
My $.02
The service fills in forms on spammers websites and submits it. This "corrupts" the data that the spammers are collecting by inserting hundreds of "opt out" submissions which makes finding the "valid" submissions (where stupid people responded to the spam looking to buy v1agr@) more difficult. There's nothing illegal (as far as I know) in using your own computer to fill out forms with bogus data.
The few hundred frog subscribers don't have the horsepower to shut down a Web server anyway. They just make the results of spamming much more difficult to sort through.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
I've been running an ISP called FrogNet (http://www.frognet.net/) for the past 10 years. I am SO looking forward to feeling misdirected spammer wrath.
"so it can punish the people who hired the spammers"
When the spammers' clients have to pay BIG TIME for MY inbox and everybody else's inboxes getting full of spam, that is when I expect spam to dry up.
Until then its all just wanking.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Remove the demand
Get people to stop buying things from people that Spam. If they open a storefront, send out Spam and get zero response they will stop.
Educate people:
Tell grandpa to stop ordering Viagra from these people!
You cannot buy a Rolex for $99!
Your Johnson will not grow if you take a pill!
Remove the supply.
The other thing that needs to happen is the companies that produce these products being sold need to be accountable for where their merchandise is being sold. I think the best approach to this is for a service like Black Frog that sends an E-mail to the manufacturer stating "Please inform merchant XYZ that I no longer want to receive E-mail offers that include your product." This will be a long hard road since many of the pill companies sell knock-offs that are not genuine. These companies will be more inclined to prosecute the people that are misrepresenting their product this way. The others will find ways to control the supply chain better.
I don't see a spammer ever going away unless you make the internet unprofitable for them. Irritating them costs them $0 Removing the supply and demand is the only solution.
Slashdot +1 funny -4 Insightful +1 informative -2 Redundant
Karma: Somewhere between SCO and Microsoft
Find out their physical locations and make them public. Mob justice works fast.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
We're (yes, I'm part of the team - hello slashdot!) currently discussing using the main servers thru various proxys to anonymize the IP address. On a DDOS attack, the servers would just disconnect and then reconnect to another proxy and voila.
Also, the servers are the ones with the Central PGP authority. The network can still operate without servers, they're just needed for login (for now).
The network is P2P, but authority is hierarchical. We'll use anonymous routing to prevent DDOS on the high authority nodes. And the network will require a validated login.
On the remote case we suffer a complete P2P blackout, the frogs can still opt out - the network will only be used as a regulation mechanism.
We'll use throttling techniques to let them live and breath.
What we're going to do, is poison their purchase forms (as Blue Sec. did) with enough requests so they have to search in them before finding true customers.
The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.
Unelected? Unrepresentative? We've received HUNDREDS of volunteers to help us. And with more than 700 diggs (yes, blasphemy! don't burn me), i doubt it's "unrepresentative".
The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.
It should be obvious by now that you haven't RTFA. The network will have a system of trust and reputation (karma), and there WILL be people gathering evidence.
One thing to clarify. It's an open network, but unlike other P2P networks this one is willing to cooperate with the police. We're going to give authorities and recognized companies PGP-based authorization (on request) so they can work with their own nodes and recognize authentic SPAM.
The result is that members of the Okopipi network and innocent bystanders with websites will become the target of the organised crime that is funding the spammers.
Sure, let them earn MORE money and become MORE powerful so they'll lobby the congress and throw away the can-spam act.
You're forgetting something, currently there's *NO* mechanism to enforce ALREADY EXISTING laws regarding SPAM. Spammers' servers are across the globe, where there are no laws. And not only they're bypassing the countries frontiers, they're also committing FRAUD. They're telling the marketers: "Look! These people are willing to receive your offers for cheap viagra, they WANT to buy our products!". But we're not. ALL WE ASK is to GET OUT of their lists.
Also, we don't want to DDOS sites. I already said that, the "attacks" will be controlled but significant enough to disrupt the spammers' business.
And FINALLY, the network will NOT be used to INITIATE attacks. The attacks are the sole responsible of the CLIENT - the system has been designed this way to prevent abuse.
In other words:
* The police force is THE PEOPLE (those who submit their SPAM, plus we'll have spam honeypots and cooperate with SpamHaus and other authorities)
* The jury is THE PEOPLE (the people who have earned enough trust to participate in the classification of websites, or simply those who emmit votes. As if that wasn't enough, people who have voted to punish an innocent website will receive bad karma, this eliminates corruption from the network.
* The judge is also appointed by THE PEOPLE. Those who have earned enough trust to write the opt-out scripts. Maybe even the FTC with their own authorized nodes.
* The executioner is the PEOPLE, those who have installed the clients on their system. It's their decision to opt out from the websites, no one else's.
It seems pretty democratic to me.
Any questions?
Disclaimer: This is my personal opinion and does not reflect the viewpoints of other members of the Okopipi project.
--
Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.
Do you think we're idiots to let something like this happen?
1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.
2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.
3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.
4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.
5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.
6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.
7. If any wants to cooperate, the google group is open to ideas.
8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.
-1, both ignorant and irresponsible. Thank you.
... But I use gmail almost exclusively and receive a ton of spam, but what little gets through their filter is caught by Thunderbird. Now, I know Google and Mozilla, Inc. are pretty innovative groups, but why can't others do what they're doing? Especially as Thunderbird is open source? Spam exists because it is profitable. If people saw very little spam it wouldn't be so profitable anymore.
I dream of a better world... one in which chickens can cross roads without their motives being questioned.
... like infecting the spammer with AIDS or Rabies - I'm sure they'll be the last customer of those "cureall" stores
Did you know that "FTW" ("for the win") is a direct translation of "Sieg Heil"?
Hover Cover!
Man, you really need that seminar!
Due to TradeMark conflict, I have closed the Black Frog project. Actually the project was just a nameholder, since Okopipi was a separate project which I joined later.
So the official name of the P2P antispam software is now "Okopipi". Please stop naming it "Black Frog" or we could get sued for Trademark Infringement.
Thank you.
(More info on my journal)
What do you mean by "Blue Security isn't out of the woods yet legally and their DDoS of SixApart is far from a closed case." SixApart was attacked by the same people that attacked Blue Security. Blue security changed their DNS to point at their blog. Granted, changing the DNS records under the circumstances was irresponsible; however, your quote is misleading.
I never clip my fingernails for fear of dangling symbolic links.
Let's get this straight. Over one day a spammer sends 5 million invitations to go to a web site to buy a product. Over one day 5 million recipients visit the web site and in compliance with the CAN-SPAM Act request to be removed from the mailing list.
A DDOS is an illegal act. 5 million responses to an invitation is a CAN-SPAM compliant act.
Why do so many people not understand the difference? Is it from ignorance, or from vested interests in spreading spam?
---
nostalgia ain't what it used to be
OK, so maybe they should have stuck with Black Frog.
They considered calling it the "Blue Screen of Death" but found that it was copyrighted by a VERY large software company which has sole bragging rights.
-Mike
I'm sorry; I don't know what I was thinking!
Disclaimer: I wrote it. I use it. It's 100% free (keep your money).
:)
2 59932
3 07815
It was available at my website (more info here if you want to read it) but it got 'Slashdotted' and was 'removed'. So I finally got around to updating it with statistics logging to 'prove' it's effectiveness, to accommodate 'flakey' mailservers that might not like a highly efficient POP3 client accessing them, and to treat 'highbit' email the same as file attachments (email is historically a 7-bit protocol) and posting it on http://rapidshare.de/ at the 'sig' URL above. Download and enjoy!
P.S. see
http://slashdot.org/comments.pl?sid=184696&cid=15
and
http://slashdot.org/comments.pl?sid=171793&cid=14
for more info.
In short, my approach uses the venerated, time tested SMTP protocol and character set AGAINST spammers....
I noticed you had no option for YOU to go deal with the mom beater. To me, that is a better option, or even better than THAT, is that your mom gets the training and the tools needed to protect herself. I know a lot of women-including "grandmaw" age women, who have "opted out" of the "professional victim in advance" mindset. Perhaps it is the crowd of adults I hang out with, maybe you don't know anyone but professional victims, or perhaps you live someplace where "the police" insist that you be a victim to maintain "societal norms" or something. Either way, you left out the best options in your list.
With this SPAM deal, people getting spammed opt out automatically, and in large numbers, that's it, all it does is speed up the process and further protect against a backlash from the scumbag spam scammers. There is nothing illogical or unethical about it that I can see, and it doesn't even come close to being a vigilante effort, it is pure self defense. Only real spam in real people's inboxes gets reacted to, so there ya go. And "your competitor" you are going to poison the system with? You mean some OTHER spammer? Another cut rate mortgage/bank info stealer or diluted drug or counterfeit watch or dick lengthening merchant? HAHAHAHAH! WHO CARES! The only "competitors" for bogus spammed crap are OTHER SPAMMERS.
We need to get rid of this bogus institutionalized and brainwashed politically correct weenieism in our society, you ARE allowed self defense, at least in the US anyway (outside of strange foreign nations like NYC and chicago where the bill of rights don't seem to matter), following some basic common sense criteria, and I assure you, from a "been there, done that, the bad guy lost hard" personal level (several times actually) it can and does work every single day of the year, even if the MSM won't report on it.
regarding interesting tasks/job
my e-mail larytet at yahoo com
So does this system do nothing against spam that does not contain a url (stock tip, 419's, diploma spam that uses phone numbers instead of urls, etc.)?
that's your mistake, you suppose that the ISPs ARE responsible. they are not, not outside the US/EU anyway. I live in Argentina. I'm a customer of Telecom Argentina, the largest telecom carrier with 200.000 ADSL customers (it's not that big, as you can see). They are NOT responsible. They don't give a shit about spam or whatever. Once, I asked one of the tech support guys why don't they do anything about spam. He told me, we do. We blocked outgoing traffic to port 25, other than that we can't do anything else, we are too few to handle all of this, we get blocked in every spam blacklist, and we can't do anything to get out. In order to do this we must close the customer's account and tell the guys at the blacklist we did, and we will make sure this person will never be a customer of us again, and that we are very sorry for all the damage we caused and a lot of crap. Also, as soon as they remove 1 or 2 of our netblocks, we get 20 more blocked.
That's basically the situation in every "third world" country. Legislation won't help, I don't know why people insist with that. It didn't work inside the US, where they enforce the legislation, it will work even less in countries such as mine. You know, in my country (and most others) we spend a lot of time just trying to survive to worry about "stupid things as spam". I'm usually an anti-Telecom (Telecom Argentina), but I understand them. They get robbed every single day. The price of raw copper is extremely high nowadays here, so thieves go and steal phone wires. You think telecom is going to worry about spammers, when they have to replace tens of thousands of kilometers of phone wires that were stolen? To get you in perspective: Pirelli re-opened their cable factories in Argentina to supply Telecom with their extremely high demand of phone cables.
so, we users have to defend ourselves because the telcos won't help.
boakes.org
does this imply, security by obscurity. not a good idea!
* lon3st4r *
100% correct -- all this tool is doing is evening out the balance so that spam becomes more like a normal commercial interaction.
If the spammers were willing to manually type out each spam message and type my address in by hand, THEN it would be balanced when, receiving the spam, I need to manually navigate to the advertised site, find a "remove me" page, and manually type in my address.
Of course they aren't going to do that -- this is the computer age. Computers exist to rapidly accomplish these kind of tedious tasks: hence the obviousness of also automating the complaint/opt-out procedure for the steadily growing amounts of email I don't want. No DDoS, no "attack", no "fighting fire with fire" or "spamming the spammers" -- just carrying out a normal, totally-legal business relationship on the scale the spammers have chosen.