My weblog about all things that interest me (and hopefully you): viruses, programming in general, death & black metal, certain web sites... Well, it could be anything.

Wednesday, July 20, 2005

Blue Frog fights fire with fire.

Slashdot mentions Blue Frog, a program from Blue Security that tries to fight spam in a different way than the usual spam filters do. People who sign up become part of a DDoS network, but in a somewhat more sophisticated way than the screensaver Lycos used to distribute. You can add up to three email addresses that should be protected. Whenever you receive a spam email in one of those mailboxes, you forward it to an address at Blue Security (yoursignedupname@reports.bluesecurity.com), where they look for the website linked to in the spam mail (a typical spam mail wants to direct you to the spammer's site). Then, on your behalf, they warn the site owner and the ISP hosting the site that they are sending unsolicited email and should download a hash list and a tool to clean out their database of harvested email addresses. If they do not comply, all the users who signed up and have the Blue Frog client running will start filling in the site's web forms with repeated requests to be taken off the spam list, effectively ruining the spammer's business by adding filth to the databases they sell and causing a DDoS attack.

I must confess I think this is a very nice idea. Alas, as a former virus writer I'm known for having few ethical problems with these kinds of things and will gladly sign up, whereas other people might frown upon the tactics they use.

However...

Sceptical as I am, I downloaded the "Do Not Intrude Registry" Compliance Tools, with which you can check whether you are using email addresses that have signed up to no longer receive spam mail, and created a small text file with the following addresses:
info@bluesecurity.com
postmaster@bluesecurity.com
webmaster@bluesecurity.com
sales@bluesecurity.com
root@bluesecurity.com
info-dep@bluesecurity.com
press@bluesecurity.com
marketing-dep@bluesecurity.com
careers-dep@bluesecurity.com
cleanup@bluesecurity.com
legal-dep@bluesecurity.com
and processed it with their tool. I was quite amazed that none of these addresses were listed as protected by their own system. I think a company should stand behind its own product and use it; how else could you convince people to use it if you don't use it yourself? What if Mikko Hypponen were to use, say, Norton Antivirus to protect his computer instead of F-Secure?
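The kind of check described above, a text file of addresses run against a downloaded hash list, can be sketched as follows. This is an added example, not Blue Security's tool or code from this post. The page does not describe the real list format, so the SHA-256 hash, the trim-and-lowercase normalisation, every function name and the example.com addresses are assumptions made up for illustration.

```python
import hashlib

def normalize(address: str) -> str:
    """Canonical form hashed on both sides (assumed: trim + lowercase)."""
    return address.strip().lower()

def address_hash(address: str) -> str:
    # Assumption: SHA-256 hex digest; the real registry's hash is not given on the page.
    return hashlib.sha256(normalize(address).encode("utf-8")).hexdigest()

def load_addresses(text: str) -> list[str]:
    """One address per line; skip blanks, comments and lines without '@'."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "@" in line:
            out.append(line)
    return out

def check_list(addresses, registry_hashes):
    """Split a mailing list into (protected, cleaned) by comparing hashes only."""
    protected, cleaned = [], []
    for addr in addresses:
        if address_hash(addr) in registry_hashes:
            protected.append(addr)   # registered: must be dropped from the list
        else:
            cleaned.append(addr)     # not in the registry
    return protected, cleaned

# Constructed sample registry: only hashes are distributed, never the addresses.
REGISTRY = {address_hash(a) for a in ("alice@example.com", "bob@example.org")}

# Constructed sample input file, including case/whitespace variants and junk.
MAILING_LIST = """\
# constructed sample list
Alice@Example.com
carol@example.net
  bob@example.org
not-an-address
"""

if __name__ == "__main__":
    protected, cleaned = check_list(load_addresses(MAILING_LIST), REGISTRY)
    print("protected:", protected)
    print("cleaned:  ", cleaned)
```

Without the normalisation step, `Alice@Example.com` would hash differently from the registered `alice@example.com` and wrongly show up as unprotected.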
