Is the Blue Frog a prince in disguise?

After writing this reply to Doran's post, I felt it would be worth posting on my blog.


Doran,

I decided that it was worth creating an account on your system to respond to this blog. (If you want more comments, I would recommend implementing a CAPTCHA system)

I want to start by reminding everyone one that we are all on the same side. We are all victims of SPAM, and we are interested in taking measures to prevent SPAM from wasting our resources (time, bandwidth, processing).

There are many effective ways to prevent our users from getting SPAM messages. Doran mentioned several good ones, and I will include MailScanner (which implements multiple anti-SPAM, anti-virus, and anti-phishing detections). While these methods prevent the wasting of our users' time, it does nothing to reduce the quantity of SPAM that we receive and are forced to process.

Currently, Greylisting is an effective way to reduce SPAM and wasted resources. However, I would not underestimate the spammers and their ability to adapt to this technique, if greylisting became used widely enough to harm their business.

Let me tell you about some systems that did harm the spamming industry, enough for them to take action. First, there was the RBL (Realtime Black List) Osirusoft, which was DDoSSed off the internet. He couldn't afford the resources to fight the DDoS attack, and he was getting personal threats, so he was forced to relent and stop fighting SPAM.

I have another example of an effective anti-spam system that was DDoS attacked by spammers. This is the case of the Monkeys.com RBL. I would recommend reading that link, so see what is really happening.

I have only recently learned of BlueFrog since it has been under attack. Since then, I have been highly intrigued by the unique techniques used by BlueSecurity. I have reviewed the methods they use, and considered the ethics of these methods. My conclusion is that the BlueSecurity methods are ethical, and they are effective in reducing SPAM in the long-term. (Traditional anti-spam methods do not have this long-term effect).

I have a feeling that many people do not understand how BlueFrog works, and I recommend that anyone interested in this debate read the information about Active Deterrence on the BlueSecurity website.

Here is my summary of what the Blue Frog application does. BlueFrog allows you to visit the website of every SPAM message that you receive and to use the forms on those websites (usually order forms) to request that you no longer receive email messages from that company. This is a one-for-one response, for every SPAM email you receive, you post an opt-out message on that website. The BlueFrog application simply automates what you could do by hand.

Before you get worried about false-positives or joe-job attacks, you should know that all reported SPAM messages are verified using traditional anti-SPAM techniques and by human review. You should also know that BlueSecurity first tries to contact the company to request that BlueFrog users be taken off of their mailing lists.

I recommend for everyone to sign-up to use the BlueFrog application to report SPAM, and thereby make a real difference in the battle against SPAM.

As a closing thought, I would like to encourage people who post to the Utah Planet to do so in way that is respectful of the other posters.

Comments

Post a Comment

Popular posts from this blog

Using the Cisco console in Linux

Image
Introduction People who work with Cisco network equipment need to be able to connect to the console port on their devices. In Windows, you can simply fire up HyperTerminal to get basic access to your devices. If you are using Linux, then you need to know how this can be done with an application called Minicom . Hardware First, you are going to need a Cisco console cable , a Cisco device, and a computer. If your computer has a serial port , then you can use the standard console cable that comes with every Cisco device. If you do not have a serial port (like most new laptops), then you need to purchase a USB to Serial adapter that supports Linux. This device will allow you to use the standard Cisco cable, which has a serial port on one end. Install Minicom You can easily install Minicom by using "System > Administration > Synaptic Package Manager". Search for "minicom" and choose to install the package. Click "Apply" and Minicom should be insta
Read more

What it takes to make Ubuntu ready for use

I recently installed Ubuntu 6.10 on a new PC at work. In this post I will document all the steps I had to perform to get it ready for everyday use. Each step is assigned a level of difficulty, which I define below: Very Easy Step can be completed without using the command prompt Intuitive to complete Easy Step can be completed without using the command prompt May require searching to find the right place to make the change Medium Requires a single command to be entered at the command prompt Requires searching internet resources to find the solution Hard Requires multiple commands to be entered at the command prompt Requires searching internet resources to find the solution Very Hard Requires multiple commands to be entered at the command prompt Requires searching internet resources to find the solution Requires the user to manually edit a configuration file These criteria are quite strict, because I believe that using an operating system should be intuitive, and not require any spec
Read more

Five ways to use Windows apps in Linux

Image
1. Use an open source alternative instead When someone asks me if they can run "Windows Application X" on Linux, the first thing I tell them is to look for an open source alternative. For most Windows applications, there will be a high-quality open source alternative that can meet their needs. The biggest hurdle for non-Linux people is simply knowing that these alternative exist and how to find them. The best place I have found to search for these applications is at www.osalt.com . On that site, you can enter the name of the Windows application and it will list the open source alternatives that provide similar functionality. Be sure to check it out. 2. Buy a commercial product that was designed for Linux If you cannot find an open source alternative, and you have not already purchased a Windows application, then you should consider purchasing a commercial product that was designed for Linux. Here is a story of a civil engineer who wanted to find an open source replacemen
Read more