TECH: Blue Frog’s legacy? Users are fed up and ready to fight. Just give’m a target!

From the Ashes of Blue Frog

May 26, 2006
the LOOSE wire blog
technology: usage and abusage. By WSJ columnist Jeremy Wagstaff 

***Begin Quote***

The Blue Frog may be no more, but the vigilantes are. Seems that despite the death of Blue Security in the face of a spammer’s wrath, the service has built an appetite for fighting back.
***End Quote***

Jeremy posits some interesting questions:

***Begin Quote***

Actually I thought the link Blue Frog used wasn’t unsubscribe (which is usually fake, since if it wasn’t would then pull the spammer back within the law) but the purchase link. 

***End Quote***

I THOUGHT that the Blue Frog team was doing analysis to find the beneficiary of the spam. AND then that beneficiary was petitioned to give relief.

I would not want to bear the wrath of the inet public should, say, a major company be found benefitting by spam. I'm thinking of the spammers that offer an XYZ gift card for signing up.

***Begin Quote***

Any member who is on the spammer’s list (developed by the logical subtraction from their original list by their new cleaned list) will now be vulnerable to the kind of mass email attack that Blue Frog’s destroyer launched.
***End Quote***

I'd suggest that deliberately letting the spammers "collect" salted email addresses could be a strategy. If, for example, an ISP, Google GMail, and/or Yahoo "allow" all email addresses thru, spammers would get no feedback about bad addresses. They would lose a good way to cut their problem down to size.

For example, let's assume 8 character names, like A12345467@XYZ.com. That address space has (36)**8 possible combinations. Let's further assume that a spammer sends via his botnet a spam to that address space. Assume that our spammer puts return addresses that he can check. That feedback allows him to reduce his target space. He'll get some confirmation from vacation type messages and the absence of a bounce. He can determine what are valid addresses in the @xyz.com space. If we deny him the feedback of bounces, then every time he wants to spam, he has to cover the domain.

We lose the ability to know about bouncing emails, but … if we use receipt, we'll know what doesn't get thru.

Just a thought! 
