Is the Blue Frog a prince in disguise?

After writing this reply to Doran's post, I felt it would be worth posting on my blog.


Doran,

I decided that it was worth creating an account on your system to respond to this blog. (If you want more comments, I would recommend implementing a CAPTCHA system)

I want to start by reminding everyone one that we are all on the same side. We are all victims of SPAM, and we are interested in taking measures to prevent SPAM from wasting our resources (time, bandwidth, processing).

There are many effective ways to prevent our users from getting SPAM messages. Doran mentioned several good ones, and I will include MailScanner (which implements multiple anti-SPAM, anti-virus, and anti-phishing detections). While these methods prevent the wasting of our users' time, it does nothing to reduce the quantity of SPAM that we receive and are forced to process.

Currently, Greylisting is an effective way to reduce SPAM and wasted resources. However, I would not underestimate the spammers and their ability to adapt to this technique, if greylisting became used widely enough to harm their business.

Let me tell you about some systems that did harm the spamming industry, enough for them to take action. First, there was the RBL (Realtime Black List) Osirusoft, which was DDoSSed off the internet. He couldn't afford the resources to fight the DDoS attack, and he was getting personal threats, so he was forced to relent and stop fighting SPAM.

I have another example of an effective anti-spam system that was DDoS attacked by spammers. This is the case of the Monkeys.com RBL. I would recommend reading that link, so see what is really happening.

I have only recently learned of BlueFrog since it has been under attack. Since then, I have been highly intrigued by the unique techniques used by BlueSecurity. I have reviewed the methods they use, and considered the ethics of these methods. My conclusion is that the BlueSecurity methods are ethical, and they are effective in reducing SPAM in the long-term. (Traditional anti-spam methods do not have this long-term effect).

I have a feeling that many people do not understand how BlueFrog works, and I recommend that anyone interested in this debate read the information about Active Deterrence on the BlueSecurity website.

Here is my summary of what the Blue Frog application does. BlueFrog allows you to visit the website of every SPAM message that you receive and to use the forms on those websites (usually order forms) to request that you no longer receive email messages from that company. This is a one-for-one response, for every SPAM email you receive, you post an opt-out message on that website. The BlueFrog application simply automates what you could do by hand.

Before you get worried about false-positives or joe-job attacks, you should know that all reported SPAM messages are verified using traditional anti-SPAM techniques and by human review. You should also know that BlueSecurity first tries to contact the company to request that BlueFrog users be taken off of their mailing lists.

I recommend for everyone to sign-up to use the BlueFrog application to report SPAM, and thereby make a real difference in the battle against SPAM.

As a closing thought, I would like to encourage people who post to the Utah Planet to do so in way that is respectful of the other posters.

Comments

Post a Comment

Popular posts from this blog

Using the Cisco console in Linux

Linux NIC teaming recommendations

What it takes to make Ubuntu ready for use