Vigilante Do Not Spam Email List Discovers Spammers Aren't Trustworthy
from the in-case-you-were-wondering dept
Last summer, a security startup made a lot of news for being the latest in a long line of “anti-spam” firms to try a vigilante -based do-not-spam list. The way it works is pretty straight forward. People put their names on the list. Spammers can clean their own spam lists by comparing it to the Blue Security list (they don’t get to see the whole list, but it does tell them who to remove from their own lists). If the spammer still spams someone on the list, Blue Security goes into vigilante mode and fills up the spammer’s web forms with junk info, hopefully leaving the spammer begging for mercy. It’s certainly an appealing idea… when it works. However, there are certainly a few things that can go very, very wrong. First, we’re talking vigilante justice, and that can mean totally innocent parties are harmed without much recourse. All a spammer needs to do is have a spam message pointed at someone else’s site. Second, some of this requires that spammers have some honesty or integrity (stop laughing). The database has even been built into at least one popular spamming tool for spammers to clean out their lists. That works if the spammers actually believe they’re better off not spamming those people — but many spammers prefer to anger and annoy anyone who dares to ask off of their list. This has always been the problem with do not spam lists. Annoying spammers who are already hiding from the law won’t look on it as a list of people not to spam, but as a list of live addresses that they absolutely must spam. So, it was only a matter of time before a spammer “washed” his spam list with the Blue Security list, and then emailed everyone who it removed from the list, threatening to bombard them with spam until they dropped off the Blue Security list. This is a silly threat, of course, since dropping off the list means that same spammer is going to spam you anyway, but it is leading some to freak out that Blue Security’s database has been compromised. That’s not quite true, since it’s only those who were on both this spammer’s list and the Blue Security list, but it does highlight yet another problem of this type of service.