Monday, May 22, 2006

The Life and Death of Blue Frog Anti-Spam Effort

When I first heard about Blue Frog, I was impressed by their inventiveness in halting spam. Blue Frog was developed by Blue Security, a security firm working out of Israel. Blue Frog had a very innovative way to deal with spammers. First, Blue Security invited e-mail users to join together to create a community, Blue Frog. Each member could add up to 3 e-mail addresses. In addition, members had to install a Blue Security software application on their computers. Second, Blue Security opened several bogus e-mail accounts for each member. These accounts were designed to attract spam – it’s like a honeypot for e-mails. Whenever a member of the community received spam, Blue Frog would automatically send an opt-out request on behalf of the member.

Now, typically, sending one or even a few opt-out requests would do very little to discourage a spammer. Spammers send out a huge volume of spam; therefore, even if only a fraction of the spam got through, the spammers still made money. But what would happen if tens of thousands or even hundreds of thousands sent opt-out requests to the spammers? The latter is what Blue Frog did. It used the power of numbers to stop spam. If spammers attacked one member, they had to contend with the other five hundred thousand members. The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) allows a person to send one opt-out request for each e-mail address that received the spam e-mail. It is difficult to say whether Blue Frog adhered to the rules set forth by the law.

Spammers alleged that Blue Frog sent out opt-out requests for all of its members, regardless of whether the member had received that particular spam or not. Essentially, spammers accused Blue Frog of launching a DDoS (distributed denial of service) attack. Regardless, Blue Frog was very effective. So effective that spammers took notice. Most spammers were intimidated, while others saw this as a declaration of war. One particular spammer, calling himself PharmaMaster, first threatened Blue Frog with releasing the names of its members onto the Web. Blue Security’s CEO, Eran Reshef, didn’t flinch and dismissed it as an empty threat. A week later, PharmaMaster launched an enormous DDoS attack on Blue Security’s website, which shut down their site. To make matters worse, Blue Security redirected their Internet traffic to their blog. The result was to crash thousands of other weblogs. PharmaMaster used a bot army of 10,000+ hijacked computers to launch the DDoS attack.

In response to the attack, Eran Reshef announced that Blue Security would remain vigilant and undeterred by the attack. If only that were true. Within two weeks of the attack, a despondent Eran Reshef announced that Blue Frog would be closing down permanently. This was a serious blow to the anti-spam effort. However, there is talk about forming another Blue Frog service.

Suggested Reading:

  1. Spam Slayer: Bringing Spammers to Their Knees – by PC World.

  2. TechWeb | News | Spammer Threatens Anti-Spam Group – by TechWeb.

  3. Wired News: Retaliation for Antispam Success? – by Wired News.

  4. In the Fight Against Spam E-Mail, Goliath Wins Again – by Washington Post.
