by Mike Masnick

Vigilante Do Not Spam Email List Discovers Spammers Aren't Trustworthy

from the in-case-you-were-wondering dept

Last summer, a security startup made a lot of news for being the latest in a long line of "anti-spam" firms to try a vigilante -based do-not-spam list. The way it works is pretty straight forward. People put their names on the list. Spammers can clean their own spam lists by comparing it to the Blue Security list (they don't get to see the whole list, but it does tell them who to remove from their own lists). If the spammer still spams someone on the list, Blue Security goes into vigilante mode and fills up the spammer's web forms with junk info, hopefully leaving the spammer begging for mercy. It's certainly an appealing idea... when it works. However, there are certainly a few things that can go very, very wrong. First, we're talking vigilante justice, and that can mean totally innocent parties are harmed without much recourse. All a spammer needs to do is have a spam message pointed at someone else's site. Second, some of this requires that spammers have some honesty or integrity (stop laughing). The database has even been built into at least one popular spamming tool for spammers to clean out their lists. That works if the spammers actually believe they're better off not spamming those people -- but many spammers prefer to anger and annoy anyone who dares to ask off of their list. This has always been the problem with do not spam lists. Annoying spammers who are already hiding from the law won't look on it as a list of people not to spam, but as a list of live addresses that they absolutely must spam. So, it was only a matter of time before a spammer "washed" his spam list with the Blue Security list, and then emailed everyone who it removed from the list, threatening to bombard them with spam until they dropped off the Blue Security list. This is a silly threat, of course, since dropping off the list means that same spammer is going to spam you anyway, but it is leading some to freak out that Blue Security's database has been compromised. That's not quite true, since it's only those who were on both this spammer's list and the Blue Security list, but it does highlight yet another problem of this type of service.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    vmd, May 2nd, 2006 @ 10:46am

    My mail box is all Black and Blue, but will never

    I did start getting more spam now but it could be worse. It's still rather annoying.

    The question however remains: How do we deal with spam? Do we create elaborate filters? Do we sue and jail them one by one? Do we resort to Do-Not-Email lists? Do we start charging spammers for spam 25c per email? Perhaps we could just close are eyes and it will go away? What do we DO?

    reply to this | link to this | view in thread ]

  2. identicon
    JerseyRich, May 2nd, 2006 @ 10:54am

    My spam filter works great. It hardly ever lets one get through. The only problem is that it sometimes puts a legit email (that I want) into the junk mail folder. So, even though my filter works great, I still have to go through the spam to check for good mail.

    Spam sucks.

    reply to this | link to this | view in thread ]

  3. identicon
    AC, May 2nd, 2006 @ 10:55am


    So a spammer can match up with them a list of completely randomly generated emails and receive back all the ones that exist in their system, knowing that these are live email addresses that people actually look at? That doesn't seem like a particularly good idea.

    reply to this | link to this | view in thread ]

  4. identicon
    mr. rogers, May 2nd, 2006 @ 10:56am

    blue sec down

    kill all spammers. i use the frog for my domain and it has worked great for the last few months. the man won't stop the spammers(hoyray for capitalism). so i'm all for fighting back.
    we recieved a bulk of spam today. most was stopped by my in house anti-spam but at least 10 times more than we recieved the day before.
    it seems as if the frog is either dead or real busy 'cause i can't pull up the sight.

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, May 2nd, 2006 @ 11:01am

    kill off the spammers one by ane and it willl stop

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, May 2nd, 2006 @ 11:08am

    LOL, thanks for stating the obvious....

    If anyone gives a spammer credit card info, you'd really have to wonder about them..

    All Spam = Don't buy from them, seems simple enough to me...

    reply to this | link to this | view in thread ]

  7. identicon
    RR, May 2nd, 2006 @ 11:30am

    Here's another form a "spammer" attack.. I wonder if anyone has heard of this -- I certainly haven't before my email address became a "target"...

    As one of the first to reg. for a gmail account, I picked a name that proved to be popular with Russians. As gmail got more and more popular, I started getting more and more of "here's how to reset your password" forms in my email. Then, all of a sudden, I started receiving TONS of bounced mail. Apparently, someone started using my email as the "from" email in their spam emails, and of course, they'd send emails to tons of dead email addresses. All with crap russian mass-mailings. I also tend to get a lot of auto-replies -- saying stuff like "sorry, we think you're a spammer" or "this email address is dead now" -- and there's no easy way to sort that out.

    Anyone else know of such tactics?

    reply to this | link to this | view in thread ]

  8. identicon
    Sea Man, May 2nd, 2006 @ 11:41am


    reply to this | link to this | view in thread ]

  9. identicon
    Gary272, May 2nd, 2006 @ 11:45am

    Spammers beware

    I tend to use a seperate email address for forms and junk I have to fill out in order to reach information I am searching for. That helps. The Dummy address gets tons of spam.

    Second collect all of you spam mail adress and make a group mailing list for all of your junk mail and then email all of the junk mail back to the whole list of Junk mail you received. Some will make it a real collection point and some may not. To the ones it gets to.... well they get what you got. lolol


    reply to this | link to this | view in thread ]

  10. identicon
    Anonymous Coward, May 2nd, 2006 @ 11:48am


    It's called a Joe Job.

    reply to this | link to this | view in thread ]

  11. identicon
    Wayne C. Smith, May 2nd, 2006 @ 11:51am

    use filters, report spam that gets through

    1) use your providers spam filtering
    2) use a client side spam filter (if windows, spampal)
    3) report any spam that still gets through. Use programs like to make it easier.

    Spampal and spamabuse are free. Both are windows and both work extremely well.

    Our abuse staff has dones 100s of thousands of LARTs with spamabuse. They've gotten child porn web sites turned off, 419 scammers drop boxes killed, etc. I'd highly recommend the filter and LART the ones that get through. I'm unlucky if I see more than 10 spams to any of my active accounts for an entire year.

    reply to this | link to this | view in thread ]

  12. identicon
    Paul, May 2nd, 2006 @ 12:02pm

    Jerk Off

    I got one of those emails from the spammer in question. He can go f**k himself. A decent spam filter will block his emails anyway. So his little vegeance campaign does nothing. He's really just jerking himself off if he thinks anyone but morons will cave to his tactics. Long live the frog, may every unsolicited spammer die a coward's death.

    reply to this | link to this | view in thread ]

  13. identicon
    Chriso11, May 2nd, 2006 @ 12:09pm

    The benefit still lies with the anti-spam

    Why do spammers send spam? Simple - to make money. Any activity that is not involved in spamming or collecting money is a loss for them. Since they have to respond to BlueSecurity, it is shown to be effective.

    Right now, the collateral damage is bad, but it's not any worse than what the spammers are already doing, such as Joe Jobs. So two web sites have gone down due to anti-spam activities. That sucks, but it is due to spammers not playing by the rules.

    Spammers will continue these efforts to stop the anti-spammers, and it will get worse. But remember, fighting back costs the spammers too. Eventually, when the economics of spamming are no longer so positive (for the spammers), they will cease. It will probablly get very ugly right before that though.

    reply to this | link to this | view in thread ]

  14. identicon
    RR, May 2nd, 2006 @ 12:18pm

    Re: Re: Joe Job

    Interesting, and thank you for the piece of info. I didn't realize that this was as common as it appears to be.

    reply to this | link to this | view in thread ]

  15. identicon
    RoyalPeasantry, May 2nd, 2006 @ 1:01pm

    Gmail Junk-Mail Filters

    Gmail has never let me down yet. Caught every piece of spam and has never labled anything as spam that wasn't.

    reply to this | link to this | view in thread ]

  16. identicon
    RR, May 2nd, 2006 @ 1:19pm

    Re: Gmail Junk-Mail Filters

    It's much better than anything I've used so far in terms of catching spam, but even gmail isn't infallible. I get 3-4 emails a day that are clearly spam and don't get filtered into spam box. Fortunately, I've not seen (don't think) anything in the spam box that should be in inbox, so that's great.

    reply to this | link to this | view in thread ]

  17. identicon
    Martin, May 2nd, 2006 @ 2:30pm

    Ha ha! You didn't get me...kinda...

    Yeah...I got 14 emails from this guy...(ellipses are fun) I BlueFrogged them. No sweat. They were all nonsensical, except for two of them, where the bodies were identical; they were the aforementioned email sent by the spammer. There was some anti-semitism in there, too...

    reply to this | link to this | view in thread ]

  18. identicon
    Tomasz Andrzej Nidecki, May 2nd, 2006 @ 2:34pm

    Another entry from someone who doesn't understand

    Blue Security's actions might be controversial, but so are e.g. DNSBL's (harming innocent bystanders using the same server or the same IP), so is SPF (forcing people to go with the technology and publish records). Methods of fighting spam were never 100% fair, there were and there always will be side effects.

    But to clear some statements made in this entry. Blue Frog does not go into "vigilante mode". It sends complainst from the user who has RECEIVED and FORWARDED the spam to Blue Security. Therefore it only AUTOMATES the complaint, which could have been made by the user who received spam.

    Therefore, if the user does not forward the spam spamvertizing a certain address, that user does not complain. Additionally, all spamvertized sites are checked by humans (tech specialists) at Blue Security before scripts for the site are prepared. Therefore, if the spammer joe-jobs an innocent website, these people will notice it and will NOT prepare such scripts.

    All comments about Blue Frog being a "DDoS machine" or an illegal/immoral solutions are due to the fact, that authors of this comment, such as author of this entry, are unfortunately incompetent, and did not read about how the application/system works, and did not try the system themselves. I am using Blue Frog for about 2 months, and I've read how it works, unlike the author of this entry.

    And all I can say, this "attack" is only a lame attempt to scare people off and it shows people are not scared that easily. Spammers are only encouraging more people to use Blue Frog, because people notice, that spammers are getting desperate and aggresive, because they're actually losing business because of Blue Frog. And all the publicity also helps.

    reply to this | link to this | view in thread ]

  19. identicon
    Josh, May 2nd, 2006 @ 3:40pm

    Blue Frog Rocks!

    I've used Blue Frog since I read about it 6 or 7 months ago. I couldn't agree more with this statement:

    "But to clear some statements made in this entry. Blue Frog does not go into "vigilante mode". It sends complainst from the user who has RECEIVED and FORWARDED the spam to Blue Security. Therefore it only AUTOMATES the complaint, which could have been made by the user who received spam. "

    And we know Blue Frog WORKS. The reason the is down at the moment is because someone has launched a DDos against them. Check out the SANS Internet Storm Center -

    How much you want to bet that Blue has managed to piss off a spammer enough that the spammer is trying to get revenge on them?

    If the bad guys are shooting at you, you know you're doing something right.

    reply to this | link to this | view in thread ]

  20. identicon
    |333173|3|_||3, May 2nd, 2006 @ 7:47pm

    Special e-mail address for forms

    A group of my friends hve 2 email addresses for using when we sign up to forms on websites. If we trust the site we use our own public address, for friends we use our private address, for sites which might just be sending legit emails we use one we all have acces to and look to see if any are for us (this one we change about every 3-4 months), and if the site requires an email address and we do not trus them, or they are spamming one of our other email addresses we give them an email address of an account which tests the OS ofthe originating computer and automatically replies with one of a huge list of assorted malware to trash their computer.
    the number of spam messages from most of the worst sites to us has dropped. :-)

    reply to this | link to this | view in thread ]

  21. identicon
    mcsolas, May 2nd, 2006 @ 7:52pm

    this is messed up.

    I got so much of this spam today. I have to say I was a little worried, especially when I saw the second round of messages come in with a "by the way their site is down" included in there. It was, as is now known.

    At the time, I was a bit worried.. the spam seems to have already stopped. Thankfully. Threats suck even when you know they are full of hot air.

    I had no idea how blue security operated. I am not sure what to make of the whole situation, but all I say is .. I dont want to be spammed.

    reply to this | link to this | view in thread ]

  22. identicon
    Anonymous Coward, May 3rd, 2006 @ 3:48am

    Blue Frog ARE spammers

    Blue Frog are widely blacklisted because they are just one more
    group of lying scumbags seeking to cash in on the net's spam problem
    BY MAKING IT WORSE. Oh, they're not stupid: they're just
    greedy, and they know full well that there's an ample supply of
    morons who will sign up for their "service".

    So what we really have here is a fight between two sets of scumbags.
    Here's hoping that it escalates as much as possible so that they do
    maximum damage. And if that includes the morons who have chosen
    to support spam and abuse by signing up to be their customers: that's
    fine. Morons deserve to suffer.

    reply to this | link to this | view in thread ]

  23. identicon
    Zeroth404, May 3rd, 2006 @ 7:04am

    I say we legalie the Death Penalty ONLY to email spammers in every state.

    that sounds good. what do you guys think?

    reply to this | link to this | view in thread ]

  24. identicon
    Andrew Pollack, May 9th, 2006 @ 5:59pm

    I just signed up with a new filter service, and it

    I just outsourced my mx servers to EmeraldSpamShield as a service. They were cheap, effective, and the home made software I was runing to defend my mail system worked but was killing the processing performance on my systems. Offloaded for a few bucks a month and it was worth it.

    FCK those guys. I'd love to do real physical harm to some of them.

    reply to this | link to this | view in thread ]

  25. identicon
    Brent, Sep 9th, 2007 @ 12:34am

    Meanwhile the spammers are at large..

    You might get a laugh out of this guy who is still at large and swimming in cash last I heard. No fear with no laws in Canada .... YET!

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.