Blue Frog: Blue Security Brings Us Yet Another Abusive DDOS “Anti-Spam” Program

The Internet Patrol default featured image
Share the knowledge

Will people never learn? Apparently not, as California’s Blue Security brings us Blue Frog, YADDASP (Yet Another DDOSing Anti-Spam Program).

The underpinning of start-up Blue Security’s Blue Frog is the “Do Not Intrude” registry. Users register up to three email addresses with the registry, and when spam comes to a registered address, the program looks up the spamvertised website, finds forms on the site which can be filled out (say an order form, or an email contact form) and for each spam received, the system fills out one of the forms on the site – not with an order, but with a demand to stop sending spam.

Of course, in enough volume such form-submissions can easily cripple a webserver, and that’s exactly the intention of Blue Frog.

In otherwords, to create a DDOS (distributed denial of service) attack.

Blue Security’s CEO, Eran Reshef, offers a fair amount of doubletalk around the subject. In the course of one interview he said both that the “amount of complaints going to the spammer’s site is going to make it hard [for that site] to do anything else,” and that Blue Security is “not creating any harm. We’re not trying to shut down any web sites. But we have the right to complain, one for one.”

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

But regardless of how Reshef may try to backpedal under the growing storm of denouncement coming from even those in the anti-spam community, the Blue Frog FAQ makes their desire to hurt spammers by abusing their system clear:

“Rogue advertisers pay spammers to launch their campaigns, and are therefore the root cause of spam. These advertisers must make sure potential buyers know where to purchase their products. Hence, unlike spammers, they cannot hide their identity because this renders their mass mailing campaign totally ineffective. Blue Security makes non-compliant advertisers lose money, forcing them to make sure their spam campaigns are Blue-compliant.”

Now, Aunty would be the first to agree with making the advertisers who use the services of spammers culpable. That’s what the McCain amendment portion of CAN-SPAM is all about. But abuse is abuse, and it’s just not ok to use abuse to fight abuse.
The concept of crippling a spammer with a distributed attack on their resources is nothing new. It has been tried, and failed miserably, before, most notably with with Lycos’ aborted “Make Love, Not Spam” campaign, and more recently with the controversial Mugu Marauder campaign.

But perhaps most amazing of all in terms of the “what, they did it again?!” factor is that Blue Security has actually secured $3million dollars in funding from VC firm Benchmark Capital.

When will they ever learn?

[Ed. note: based on several responses in the comments below, it’s pretty clear that people who sign up for Blue Frog really don’t get what they are signing on to. Did you not read the following before you gave them your email address, and let them start using your computer as part of a distributed attack against machines which may not even know they are harbouring spammers (much like you may not know you are using your computer to attack what may be innocent machines?)

This is from Blue Frog’s own website (read it all):

“Opt-out requests are posted by the Blue Frog client application used by consumers that added their personal e-mail addresses to the Registry through Blue Security’s free consumer offering.

Requests are not posted by Businesses and organizations that added their e-mail domains to the Do Not Intrude Registry through Blue Security’s paid business offering.

For each site advertised by spam, Blue Security develops a script for the Blue Frog client, instructing it how to submit an opt-out request on that site.

Each user’s Blue Frog client retrieves the scripts from Blue Security servers and posts the opt-out requests. A single opt-out request is posted per each spam message received by that user.

Complaints are posted in a manner similar to the way a user would manually try to opt-out of spam – Blue Frog opens an HTTP session with the spamvertised site, visits the site according to the flow of instructions included in the script and posts the opt-out text in forms found on the Web site, such as registration or purchase forms.

Opt-out requests do not contain any information that may jeopardize the users’ privacy. The Request encourages the merchant, email marketers and spammers to download the Registry Compliance Tools, remove all e-mail addresses listed in the Registry from their mailing lists and stop sending spam to Blue Security customers.”

Now, before you rush to your own and their defense, really read what this says. It says that it takes information and populates webforms. It doesn’t submit a real opt-out request, and if it did, it wouldn’t do any good, because spammers don’t honour opt-out requests.

Instead it goes to whatever website is there, and finds whatever webforms it can, and puts “unsubscribe me” language in that webform, no matter what that webform is, no matter to whom it actually belongs.

Your own computer may only send a few to each site, but to how many sites is it sending? And combined with however many others are being sent at the same time to the same site from the thousands that Blue Frog claims, that is the very definition of a DDOS.]

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

71 thoughts on “Blue Frog: Blue Security Brings Us Yet Another Abusive DDOS “Anti-Spam” Program

  1. from your article it’s pretty easy to see you are a not bright. Losers like you need an education not a website. What’s your bright idea to stop the spammers. I have an answer… kill the pricks then their spam dies with them.

  2. “If a telemarketer calls you, over and over, even if it’s collect and they somehow force you to accept the charges, you are not allowed to go to their home or office and trash the place. You are not allowed to go to their home or office and throw a “take me off your listâ€? note through their window.”

    It doesn’t matter if I’m allowed to do those things; that’s not what BlueFrog is doing. It’s the equivalent of me calling the telemarketer back and screaming “STOP CALLING ME!” Oh, and everyone else the TM called all day long would also call back and scream a bit. Fair enough, I say.

  3. I haven’t been able to get onto Blue Frog for a while – they were under attack themselves. I quite like the idea of fighting spam….even the reports I sent in were bouncing. I think there’s a disgruntled spammer out there, my email address was reported to Yahoo, even though it’s not a Yahoo email account!

  4. Either you have had a bad experience with Blue Frog Security, or you are just really bored. Are you even READING your comments on this? I suggest you do, because for every one I’ve seen, people are saying that BFS is a good thing. And do you know why? Because contrary to popular belief, many people ARE smart.
    You’re just not one of them.

  5. It’s wrong to fight abuse with the same abuse? I’m just not sure that’s what happening. I’m not ‘abusing’ anyone. I’m fighting back. I liken it to someone breaking into my home and pointing a gun at me. If I so choose, I can pick up a gun and point it back. I can also shoot at this person if they start shooting at me. Are you saying that I am wrong to do that?

    The fact of the matter is that these SPAMMERS have to learn a lesson, and no one else out there is teaching it. Unless some other bad issues come out about Blue Frog, I applaud their attempts to get these damn spammers out of business and out of my inbox.

  6. More shite!
    ‘A suitable metaphor would be that no matter how evil your enemy a shoot out in a urban area will draw innocent people into the fray.’
    Click! click! BOOM!
    Or!… “I say! It’s an awfully bad sheew sending all this hate mail! Pleeese stop sir!”
    Automated spam deserves automated replys without any warning.
    Americans are always to much or not enough.

  7. Given that the total cost of spam to businesses all over the world runs into billions of dollars, I can’t understand why the governments of the world don’t organise something like this.

    After all, governments are imune from accusations of the “two wrongs don’t make a right” variety – otherwise they wouldn’t have the power to imprison kidnappers, fine thieves or execute murderers.

    Why is it that governments appear not to think twice before invading other countries or bombing innocent women and children but when Denial of Service is mentioned they suddenly acquire morality?

    By the way, even if innocent webservers were hit, surely this would only last until the offending site was removed and the DNS records updated?

  8. Better than attacking than a pre-emptive strike though right?.

    And personally I LIKE that my computer is being used to send a vicious message out to unsecure servers – LIKE I CARE AT ALL if they are unknowningly hosting a spammer, its not my damn job to suffer spam because they don’t know… bombs away!

  9. The problem with DOS attacks is that they draw innocent people into them ie anyone who shares the server being DOS attacked, not to mention all the bandwidth globally being eaten up by the attack.

    A suitable metaphor would be that no matter how evil your enemy a shoot out in a urban area will draw innocent people into the fray.

  10. I really appreciate what Blue Security is doing with their Blue Frog. There has been a lot of talk going on whether what Blue Security is doing is correct or not. All I want to say is that after installing Blue Fong my spam has reduced 90% and I want to express my gratitude to Blue Security Team. Blue Frog requests spammers to remove us from their spamming list and gives them time to comply to the request. I dont know why these spammers are wasting their efforts in sending us 50 emails a day, we dont even read one of them. it just wastes our time deleting those emails. Spammers are cruel and deserve the Blue Frog treatment.
    As everyone knows, Blue Security website was down for some days, but it made me more resolute to post more articles supporting Blue Security. Spammers attacking Blue Security only means that Blue Security was successful in hurting spammers and frustrating them. Also, now im getting spam telling me to quit Blue Security. Believe it or not, i got a lot of such messages, but they are still less than what i used to receive before intalling Blue Frog. Now i receive spam without links! which means Blue Frog cannot harm them because it cannot fill up order forms and return back to spammers. but this is still ok, because without links, spam are useless to spammers, they just end up spending money without getting returns. Besides i feel those who order pills claiming to enlarge ur thing by 4″ are morons.

    Cheers Blue Security, you are doing a lot of damage to spammers and you are in the right direction. expect more damages from spammers, but that is because you are successful in hurting them.

  11. I’m amazed at how off your analysis is — the spammers have automated tools to send the email. Why can’t users have automated tools to complain? If the spammers are willing to personally type each spam, I’m willing to go back to personally typing each complaint.

    I agree that if Blue Security wants to remain “the good guys” and beyond reproach they need to keep away from anything resembling dirty tactics.

    But (and this may be a change in Blue Security’s practices since you wrote this article…) it’s important to know that currently they actively try to contact the spamming company *before* writing the complaint script. That way, any of these sites (even if they’re spamming illegally!) can avoid the bandwidth costs of the complaints by simply using the *free* removal tools to clean their lists before the next mailing.

    This goes far above and beyond “fair play” and takes all possible steps to allow spammers to stay in business… as long as they leave Blue Frog members alone.

    Explain again why this is wrong?

  12. If a telemarketer calls you, over and over, even if it’s collect and they somehow force you to accept the charges, you are not allowed to go to their home or office and trash the place. You are not allowed to go to their home or office and throw a “take me off your listâ€? note through their window. It doesn’t matter if you throw only one note per call you’ve received. And if you do it as part of a mob, each throwing one note per call through their window, and you damage their house, or make it impossible for others to get in or out of the building, guess what? You have broken the law.
    Absolute shite!
    This is not the same as spam. Go and tell your friends this stupid story at your next dinner party. Some of us live in the real world.
    I am now getting no spam. Did you read that No spam!
    PharmaMaster need spamming. They do not play by any rules and niether should we.
    Go and cry to your mum little boy!

  13. What the hell is wrong with all of you Blue Frog lemmings? Don’t you CARE that you are doing something ILLEGAL?

    If a telemarketer calls you, over and over, even if it’s collect and they somehow force you to accept the charges, you are not allowed to go to their home or office and trash the place. You are not allowed to go to their home or office and throw a “take me off your list” note through their window. It doesn’t matter if you throw only one note per call you’ve received. And if you do it as part of a mob, each throwing one note per call through their window, and you damage their house, or make it impossible for others to get in or out of the building, guess what? You have broken the law.

    Now in the case of Blue Fog, you bet that what you are taking part in is a DDOS, and you bet that IT IS ILLEGAL!

    Here is the Federal law making it illegal:

    “Title 18 U.S.C. 1030(5)(A) states:

    “through means of a computer used in interstate commerce or communications, knowingly causes the transmission of a program, information, code, or command to a computer or computer system if:
    (I) the person causing the transmission intends that such transmission will –
    (I) damage, or cause damage to, a computer, computer system, network, information, data, or program; or
    (II) withhold or deny, or cause the withholding or denial, of the use of a computer, computer services, systems or network, information, data or program.”

    It can’t be any clearer than that. Blue Fog is using YOUR computer as part of their DDOS. It’s illegal.

    And guess what. Blue Fog doesn’t give a fuck that they are having you break the law because THEY are sitting in Israel where they can’t be touched, with a great wodge of VC cash, laughing all the way to the bank.

  14. Blue Frog appears to have staved off the worst of the attack on the Blue Security sites by the criminal spammer (aka PharmaMaster)and is mostly back up and running. In fact the spammer slime seems to have shot himself in the foot by rallying the Blue Frog community and inviting unprecedented publicity across the net in support of Blue Frog. Blue Frog couldn’t have paid for this kind of positive publicity. Thanks so much PharmaMaster for promoting the Blue Frog cause and effectively enlisting THOUSANDS of new Blue Frog members in the process!!

    For updates on the ongoing saga:

  15. Every spam sent should get one complaint. What is wrong with that? Unless you send spam.
    Try a program called Spam Revenge.

  16. My spam through NTL is now down to zero with the frog. Fuckin zero!
    Today Blue security is under attack. The site a facke certifiacate is trying to send you to wd security.
    Got the fuckers one the run for sure.
    Ethics? Dumb middle classes.

  17. Me thinks that JZP either wrote the article or is a spammer himself. The only “idiot” here is you JZ. It’s not a difficult concept to grasp – let me go SLOWLY for you – we are each entitled to complain about unwelcome spam e-mails (one complaint only per report). Exercising one’s right to complain about illegal (and offensive) activity does not in any fashion constitute “abuse”.

  18. It is simplistic to equate what Blue Security is doing and what the spammers do, particularly by comparing the mechanics by which they operate. Much of the above criticism of BS assumes that using botnets is immoral or abusive. But that is not true. Distributed computing enterprises – of which SETI is one of the most famous – use botnets, but nobody would consider them to be abusive.

    What makes a botnet unethical? One factor is whether the bot’s host is acting voluntarily or involuntarily. In the case of spammer botnets, the hosts are acting involuntarily. In the case of SETI and Blue Security, the bots are hosted voluntarily.

    Another factor is whether the action of the botnet is constructive or destructive. Clearly, in the case of SETI and friends, the action is constructive. When the desired end is to take a server offline, the immediate end is destructive, as when a botnet is used to launch a DDoS attack.

    It is argued that the Blue Security botnet is used to launch DDoS attacks and that it is therefore abusive. However, using the concept of “DDoS” here is jumping to conclusions.

    Imagine a situation in which people who didn’t want spam personally navigated to the target web sites and entered complaints into web forms there. Irrespective of whether the complaints were heeded, are those individuals not acting justly and lawfully? I submit that they are, because they are acting proportionately. If I receive one spam and make one complaint to the beneficiary of that spam, I am acting fairly and proportionately.

    Now if spam is sent to one million individuals and every one of them complains, the action of each one is of itself fair and proportionate. Yet, as we know, the combined complaints would have the same effect as a DDoS attack: the receiving site would be overwhelmed. Does that make the combined complaints abusive? No, because they are a collection of fair and proportionate responses to an abusive flood of spam.

    What the members of the Blue Security botnet have done is to appoint an advocate (the bot that they have freely and voluntarily hosted) to complain justly and proportionately on their behalf. Again, there is nothing unjust, disproportionate or abusive in electing an advocate to complain on one’s behalf.

    What happens in a DDoS is what happened when one spammer decided to attack every site that had links with BS recently: one single operator uses an involuntary botnet to flood (with purely destructive intent) innocent sites with millions of packets per second. Those millions didn’t reflect the desires of the hosts of the botnet, nor of millions of people. They represented the destructive intent of a hacker who is said to have claimed that he “owns the Internet”.

    I suggest that we refine our categories a little before basing hasty ethical judgments on them.

  19. You people are idiots.

    Abuse in the name of a ‘good cause’ is still abuse. Spam for a ‘good cause’ is still spam.

    It is very simple that signing onto blue frog is agreeing to be part of their botnet with targeted attack methods. If you don’t understand this, you should unplug your computer and take up tiddley-winks as that is all you can handle.

  20. One more thing. I have a server at my will anybody know how they get the forms made? I want to make my server perform just like the blue server does. This way I will not have to rely on blue if shit goes south on them.

  21. GOOOO BLUE I want to spam teh hell out of these spamvertized sites. I fully agree with the blue frog. They will not stop sending me trsh…… Then let me trash their capabilitys to send more or make money off of my time!!!!!!! Hackers Unite!!!!!

  22. The amazing thing about all this, is that Blue Frog does NO more than we would do by replying to a spam email (if we had the spammers real email address of course)to ask them to desist. This is considered unethical????? and it DOES work see this link! http://www.hoodiagordoniiplus.com/?aid=550084

  23. Someone is utilizing the tbe BF list to transmit spam or has determined a methodology to correlate that list against real systems. I get emails like this every few hours, and I have over 14000 emails in my SPAM Catcher.

    “Hey,

    You are recieving this email because you are a member of BlueSecurity ).

    You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.

    How do you make it stop?

    Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity’s database, if you arent there.. you wont get this again.

    We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.

    By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.

    Why are we doing this?

    Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.
    Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.

    If BlueSecurity decides to play fair, we will do the same.

    We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite suprised.

    If you have another email under the protection of bluesecurity, and have not recieved this there, do not worry, you will soon enough.

    We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user.

    You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down..

    Just remove yourself from BlueSecurity, and make it easier on you.”

  24. Whoever wrote this article should check his facts. Bluefrog does not DDOS, in fact they have safeguards to prevent crippling a site. They do however make sure your complaints reach the right people, and I for one have noticed a large reduction in sapm since using it.

    Either the author is

    a) Misinformed

    b) Slightly retarded

    c) Friends with spammers who have been hurt by the frog.

    My frog runs 24/7. Spam me and YOU WILL receive complaints.

    Nice and simple :-)

  25. Kudos to BlueFrog I say! Why the heck should I have to trawl through spammers websites to find out how to unsubscribe? (If any such form even exists, plus all the malware I could pick up just visiting the site). I just don’t have 2 hours+ per day to waste doing this. AND, there’s no option on these spam e-mails to opt out. Surely some rule has been broken in that already. All I have done is run a useful tool that does this for me, silently in the background, no fuss.
    I have noticed a significant reduction in spam at all my e-mail accounts. There are only a few die-hard spammers still getting through, some threatening even more spam. This has seriously ticked me off, and now as well as using the bluefrog application I’m now also reporting via spamcop and first alert, and directly to the offending isp. I have also set up autoresponders on the most affected accounts, subject “unsubscribe” with a message requesting to be removed from the mailing list. I wanted to just say “no thanks!” to the spammers and not be troubled anymore, but THEIR persistence, AND threatening messages have given me cause to shout “NO! NO! NO! NO! NOW BUGGER OFF AND LEAVE ME ALONE!”
    Rant over, I’m now off to trace some e-mails and do some reporting. Yeah, I know I said I don’t have time, I’m making time until the spam stops.

  26. One thought: If you receive a spam message soliciting you to visit a site to buy pills, what’s wrong with visiting that site and requesting that they stop spamming you?

    I think the SPAM you received in the first place was the DDOS attack. If they aren’t prepared for the opt-out requests they recieve in turn, then they need to either:

    1. Scale up their servers to handle the number of solicitations they make.
    or
    2. Scale down their solicatations to be comensurate with the ability they have to manage responses.

    I don’t thing Blue Security users are doing anything wrong.

  27. This week a spammer proved – without a shadow of a doubt – that BlueFrog / Blue Security really works.
    I received several messages from one particular spammer, clearly upset that his/her spamming has turned right round and smacked him/her squarely in the face.

    The first message, was anti-BlueSecurity rubbish, the second, third, fourth, etc were just rubbish. The next morning they sent a sob story – telling us “we don’t want to send you these messages but BlueSecurity are forcing usâ€?. Well, I’m sorry, but they’re not; Spammers receive one complaint per spam sent – it’s completely fair.

    I hope everyone signs up with BlueSecurity, and I hope more companies write similar software to combat these dispicable invidiuals raping our inbox.

    The spammer’s patehtic messages are posted here

  28. I completely agree with Blue Frog!! Good for them!! Where do I download their application? Spam adertisers are the worst kind of freeloaders. They make us pay for their junkmail that we never ask for!! And you defend them? Not only do I feel Ddos against spammers is ok, IT SHOULD BE MANDATORY!!!!!

  29. Freddy the Rat, my friend, you may not have to wait long for your wish to come true:

    Russia’s Interfax news agency reports that notorious spammer Vardan Kushnir was found brutally murdered. His body was discovered in his Moscow apartment on Sunday, showing evidence of repeated blows to the head.

    Mr. Kushnir headed English learning centers known for their persistent aggressive spamming. Millions of messages sent by the firms went out each day. Spamming is not presently illegal under Russian law.

    Some angry users have retaliated against his firms by plaguing them with numerous phone calls, bombarding it with emails, or even advertising the firms’ phone numbers in bogus ads for escort services or bargain real estate offers.

    Mr. Kushnir was of Armenian descent, and became reviled among Russian email users for the continuous flow of junk messages from his American Language Center in 2003. Email wasn’t the only method used; Mr. Kushnir’s company filled forums, blogs, and ICQ channels with its messages.

    The ALC website soon became a favorite target for hackers, and Russian Internet service providers frequently closed down his sites when users complained about the spamming practices.

    Among those complaints came death threats; it is speculated that while many were from angered users, some may have come from the sort of loosely-organized anti-spam gangs described in the 2004 book Spam Kings.

    And possibly, one followed through on the many deadly promises made over the years to Mr. Kushnir, in his Moscow apartment over the weekend.

  30. Fred, if you’re taking up a collection to hire a hit man to eliminate the spammers, please let me know where I can send my contribution!

  31. Blue Frog was shut down for a short time today be some jerk who threatened members of Blue Frog with more spam. Well, Blue Frog is back and I’m getting less spam.

    I think ISP’s should monitor outgoing email. If a spammer uses their service, then they SHOULD be shut down. That way the ISP’s will have to take some action.

    Too bad somebody isn’t depraved enough to hire hit men to go after spammers. A dead spammer can’t spam, and I’m at the point where I would be happy to justify murder.

  32. Frankly, I find it offensive to suggest that I should not take whatever measures available to rid my computers of the scourge of the spammers.

    The spam e-mails I receive often contain vile and disgusting information that I certainly don’t want my children exposed to. If a pedophile shows up at my door offering “free sex” should I just let it go too?? These people are criminals who should be shown no mercy. I applaud Blue Frog for taking the initiative and trying to stop these scum bags. If you want to continue to receive offers for cut rate viagra, sex toys and bogus stocks, more power to you. I, on the other hand, will do whatever I can to keep these imbeciles at bay. Since I don’t have the resources myself to hunt them down personally and kick the crap out of them, I’m hoping that Blue Frog can inflict whatever punishment they have the power to. It seems that their techniques are in fact working and they have the spammers on the run. GO BLUE FROG!!

  33. I have been reading this thread with great intrest and I have a few comments.

    ALL SPAMMERS SHOULD DIE

    Their is no other way and looking at the blue frog site (or at the moment not being able to) it is starting to hurt spammers.

    I now have a couple of machines in the office running bluefrog as well as my machines at home.

    I would go further and make it a ddos system and totally destroy all sites that use spammers.

    1 spam = 10000000 replys total war.

    I would also ask for a LAW that would require ISPs to block access to web sites that use spam make it a total waste of time for spammers.

  34. So I am a member of BlueFrog and this morning I get a message from a spammer threatening me that if I don’t remove myself from BlueFrog in the next 48-72 hours, they will bombard me with spam…

    Sounds to me like they’re running scared. For the past years, spammers have done nothing but ignore any requests to stop…since they can’t ignore BlueFrog, now they’re threatening like a bully in a schoolyard.

    I’m staying with BlueFrog…at least it’s seeing results.

  35. The thinking in your article is basically flawed. DDOS refers to unprovoked attacks on a website. Blue Frog’s policy is to send legitimate complaints in response to unsolicited email. This is not the same thing. If the spammers receive a huge & crippling amount of complaints it is because they have provoked it by sending out too much spam!
    If enough people support it, Blue Frog WILL work against the worst spam culprits. They have my full approval in their eforts. Spamming must be stopped, or severely curtailed, to move ahead towards an intelligent internet not dominated by stupid greedy abusers of email services.

  36. Don’t talk to me about about spam and ethics in the same sentence. What a load of shite you write. I do not care if spammers hate me as long as they fear me. Pull your head from out of your arse.

  37. I would like to see the biuldings where these spam servers are at be burned to the ground after the spammer has been beaten to death. What are you on about saying it is not ok to fight abuse with abuse. That is exactly what is needed!

  38. Some news from Blue Security: It’s become so “nasty” that spammer tools include the option to clean out their recipient list of blue community members.

    Yes, that’s right, unoficially, the do-not-intrude list IS WORKING. Spammers NOW respect us!

    Try to do that with stupid legislations like CAN-SPAM (did I mention most spam is ILLEGAL? They offer you pirated software, viagra prescriptions… are we supposed to sit around and doing nothing? You may say this is taking justice in our hands, but frankly, spammers have left us NO OTHER CHOICE.

    Another point. One complain per spam means the generated traffic is equal to the SPAM received. The “problem” is that the SPAM sent by the spammers is distributed, while the complains are received at only one site.

    Technically, spammers MUST PROVIDE the network infrastructure so that 100% of the recipients can opt-out. With 380,000 members, i doubt the blue community represents even 5% of the spam recipients. So if spammers want to SPAM, they should have dedicated servers and stop whining. We’ve been whining about SPAM (it’s practically a mailbox DDoS if you see it that way) for years.

    Also, the complaints are NOT simultaneous. The Blue community is around the world, the complaints are distributed evenly over the time zones. I have the impression that the spammers only complain because they find it difficult to manage the negative responses that we send them.

    Finally, bluesecurity DOES report these sites to the BSA, Microsoft, and various agencies to shut them down in case their advertised goods are illegal.

  39. Hail BlueFrog. Unsolicitated spam is not something that I ask for. If the MO of BlueFrog can deal a heavy blow to spammers, so be it. One thing that BlueFrog may want to consider is aligning themselves with a service like cashette. www.cashette.com. The cashette method is to eliminate spammers by making them pay you a fee for every spam that they send you before you agree to receive the spam. E-Mail addresses that you put in your approved list in the Cashette email client don’t receive a approval link and mail from them automatically makes its way to your inbox. I have tested Cashette and think that it may be a good alternative for those who see the right to complain to spammers as taboo. You can read more about how cashette works here.

  40. Andy wrote:

    “The fact is, the reason there is still spam is that there must be a few people–a very few, but obviously enough for it to be profitable–who buy products based on spam they receive. The only way I can think of really to stop spam dead is not to buy anything from spammers or those who do business with them.”

    As he says there must be a very few people who buy. After all this time and all this spam there are *still* a very few people who buy and we can assume that there always will be. But it is not necessary to reduce the buyers to 0 — only to make the cost of doing business greater than the income generated by those few buyers.

    I have mixed feelings about Blue Frog, but it is one way to swing the equation against the spammers, and I think I’m going to try it.

  41. Who is this Aunty wench? All I see is a spinsterly weed in a web cam piccy.

    Perhaps she could post some better piccies…. to remind me of all sorts of things while we cruise her site.

  42. Hmmmmmmmm I know with all the scammer rackets in the spammers arsenal, of bogus opt out links – that just sign you up for more, and all sorts of things, that well, I feel that after being on the receiving ende of the spammers crapfest, that spammers ought to have burning oil tipped over them… I’d gladly do it too.

    And while I have shut down some spammers, overall my individual complaints to them are about as effective as farting in a fan factory.

    But the idea of massed complaints, to bastards that send out 10,000,000 emails, well, I think it’s great to collectively send 1,000,000 emails back to them, saying take a hike you losers.

    My only regret is that it’s not totally one for one, all the time – cause they would sure like to get their 10,000,000 complaints back in their own servers…

    Just as much as 10,000,000 people like getting the spammers crap shoved in thier email boxes.

  43. Joe Jobs and misdirected “punishments” are impossible because there are people, not bots, behind the Blue Frog who verify all potential targets. Furthermore, spammers are offered the option of voluntarily removing the names on the Do Not Intrude Registry from their mailing lists, and given ten days to comply.

  44. I hope that those of you supporting and/or promoting this are never the subject of a Joe Job and then the target of a misdirected Blue Frog spammer “punishment”. That would just be a shame….

  45. I run blue frog, and in the space of a week saw my spam decrease over 75%. I was getting 100 spam emails a day, and now I get less than 20 per day. That’s pretty impressive. Impressive enough that I’ve recommended it to over 1000 people on one forum.

    This gets results, and it’s legal, reviews to the contrary notwithstanding.

  46. The concept is solid, and would work to eliminate most types of spam if implemented properly. We have done a great deal of research with the programming geeks as well as a thorough flush through legal.

    However the method being discussed here — “Blue Frog” — is an incorrect implementation of the basic concept. It is fairly obvious that this method won’t work and will bring a lot of moaning from many internet people (as evidenced above) who really haven’t done any research on it.

  47. Blue Frog is an appropriate response to what I find to be a personal and uninvited violation. Your stance on this is ludicrous.

  48. “The only thing that evil need to succeed, is for good men to do nothing…”. This ‘moral victim’ sacrifice of yourself and others will NEVER help to stop the relentless onslaught of spammers. I have signed up with the “Blue Frog” – and far from a bad guy, I feel like somebody that actually takes concrete steps to fight this good fight! Godspeed to the Blue Frog!! Stop being the pathetic little helpless people, that are waiting for “Big Brother” to solve all your problems and hassles in your life – grow some backbone and stand up for yourself for once… You seem to be moralizing yourself out of your right to live and breathe. It is plain pathetic how helpless and passive some individuals had become in this day and age…

  49. Your price of $0.10 is low. California law allows up to $1,000 per email and up to $1,000,000 per incident. This is the wording from the law:

    (ii) Liquidated damages of one thousand dollars ($1,000) for each unsolicited commercial e-mail advertisement transmitted in violation of this section, up to one million dollars ($1,000,000) per incident.

    Here are a couple of links:

    http://www.spamlaws.com/state/ca.shtml

  50. I think both sides have valid points here.

    Spam sucks–and I mean that literally–It sucks away resources that could be used to shuffle the packets that people actually want to receive. Besides being annoying, spam is actually destructive, even aside from any issue regarding its legality. Obviously “anti-spam” laws aren’t much of a deterrent, because most of us still receive it. If we don’t do something, spammers will continue to push their junk through the Internet. So, Blue Frog came up with a measure that might on the surface seem a bit extreme–but suppose every spammer were caught and imprisoned. Then my and your taxes would pay for their upkeep in prison instead of whatever else we might prefer, regardless of where we stand politically.

    The trouble is, the Blue Frog agents, in filling forms with complaints on spammers’ Websites, are also generating traffic over the Internet. Even after I read Blue Security’s Website, I’m not clear as to whether the ratio of complaint forms filled to spam messages received is 1 to 1, or not–but even if it is, that still means that the Net has to move packets for both the spam _and_ the complaint. If I thought most spammers would stop spamming as a result of this tactic, I might be more supportive of it, but I think they will simply make their forms more bot-proof to avoid such things and then we’re right back where we started.

    The fact is, the reason there is still spam is that there must be a few people–a very few, but obviously enough for it to be profitable–who buy products based on spam they receive. The only way I can think of really to stop spam dead is not to buy anything from spammers or those who do business with them. This generates no extra Internet traffic, there’s nothing to download, and it’s free. However, in order for it to work, even the people who buy from spammers would need to know that only encourages them, and that’s the tricky part right there.

    I doubt that Blue Security is out to “abuse” anyone. I think they are trying to provide a service and show spammers that their junk is not appreciated. However, I also think their method is not getting back to the root of the problem, and there’s a far simpler way.

    Don’t buy it, and they won’t come. It may take awhile–years maybe–but spammers won’t spam if it doesn’t bring the bucks.

  51. Count me in…..anything to rid the internet curse of spam and stop my inbox from overflowing with spyware ridden emails offering me viagra, mortgage deals, cheap software, and porn! and most of it relevant only in the US. i dont have yankee dollar, I have pounds sterling!!!! Death to spammers! As the Bush dude would say… `unsolicited spam is an infringement on my mail box and we should not rule out the use of military force`! (or at least he would if he could use the interweb thingy!!)

  52. Fight abuse with abuse with abuse I say? I’m afraid I do not agree with you that two wrongs do not make a right, in this case. I believe that PC users should take any opportunity they have to fight against spam, which is now supposed to illegal to send in the first place, according to our government. And I should worry about a spammer’s website unable to function because of these so-called massed-mailed forms they get? When have you ever known of any of these spammers who have ever given a hoot about what their spam does to our mailboxes? Three cheers for Blue Frog.

  53. I failed to mention that 2 Spammers have stopped spamming the blue community due to fear of going out of buisness, also spammers have been “loading” search engines with fake blue security websites, why it’s hurting them big time! Spammer don’t want the community to grow any more. Spammers are seeing the “blue frog” as serious threat just like the real blue frog, predators try to stay as far away from it as possible.

    “Yes, it seems there will be no shortage of dupes who will buy in to” what spammer want you to do, not fight back.

  54. First off I’ve never seen more double talk in my entire life than this article does.
    First off this is not a Ddos attack, which yes is illegal, if the blue security is a Ddos than it would be illegal to complain about let’s say a computer that you paid a $1,000 for and it’s in complete shards, or it’s illegal to have car alarm on your car, it’s illegal to have Brinks security in your,it’s illegal to complain about poisonous foods, it’s illegal to defend your very life when some one is about to kill you, it’s illegal to own a dog, etc… get my point?
    Now let me ask you this is it legal, moral and ethical to complain about bad customeer service, is is abuse I think not. Is it legal, moral and ethical to complain for every instance of bad customeer service that you reciece, I think so and know you do it, is it abuse I think not. Is it legal to a have an agent complain about bad service for you, I think it is, is it abuse I think not, that’s all what the blue frog is doing for you a free agent that complains for every instance of bad customeer service you recieve and if that’s illegal everything might as well be illegal including eating, defendig your life, owning a house, renting a house owning a car, owning a car alarm etc. it might be abusive.

    TO JOIN THE BLUE FROG GO TO

    and exercise your rights to complain about bad service!

  55. Spammers and their masters have brought this upon themselves. They set up bogus Opt-Outs and wonder why the public is full of their stuff. I open one account and find that I have one email in my in-box and 196 in my junk mail folder. If Blue Frog can stop this nonsense then all I can say is thank you.

  56. Sheesh!

    Yes, it seems there will be no shortage of dupes who will buy in to Blue Security’s scheme. I happen to know for a fact that Blue Security has already lost hosting with Verio, and has termination pending at Everyone’s Internet. Their hosting in Israel is now in jeopardy. Why? Simple: Their behavior violates the terms and conditions they agreed to to receive Internet access (namely, providing and distributing a DDoS tool). Blue Frog users may soon also find their ISPs have become hostile to them, if this progresses far enough. Do you really want to have your connection pulled because you knowingly participated in a DDoS?

    No one is taking away your right to complain by denying you this particular means. The end (stopping spam) does not justify stooping to abuse of the network. Spammers are criminals, folks. The sites BlueSecurity plans to target are frequently hosted on compromised home computers on broadband connections. BlueFrog will subject end users to an endless hail of friendly fire, and hurt spammers NOT ONE WHIT.

  57. We need to go 1 step further – sue the sponsors of spam for the damages. I would conservatively estimate each incident be worth ~$0.10, and I am ready to give 80% of these money to attorneys who will open the suite.
    Just each complaint should be also forwarded to these attorneys’ office.

    Any willing attorneys out there?

  58. I suggest going 1 step further – forward all these complaints to the office of some attorneys, willing to start a class action suite against the sponsors of spam e-mail. Really, these people hire spammers and order them to disrupt my work in the NET, n’est ce pas? Charge them $0.10 per incident, and with 20 million spam complaints you will see the result pretty soon.

    Are there any attorneys ready and willing? I sign 50% of resulting money for their fees!

  59. I am using BlueFrog and I love it! I can’t help giggling as I report my spam.

  60. You say potato…. Where you call it a DDoS or not is just semantics. Let’s look at facts and not argue about labels. The Blue Security system allows registered users to automatically complaint directly to the sponsors of unsolicited email. Just because it’s an automated response doesn’t make it a DDoS. Just because said sponsors’ web sites might not be able to handle the complaint load that they were responsible for generating in the first place doesn’t make it DDoS. That’s just bad business on their part. They have the option of either changing their business model to one the works, or they can fold up their sleazy little practices and go home.

  61. Let me get this straight… Abuse is now being defined as a program that automatically tries to opt you out of emails from dkfalkdsaf@uk.bulk.advertise.lamo who then changes his name to lsdkfjsdak@bulk.advertise.lamo.uk and spams you again and this program is considered evil? Thanks but if this thing can reduce the amount of ‘crap’ i get daily in my in-box … sign me up.

    Certainly you have better things to do with your time.

    kthxbye

  62. I never said I wanted peace and good will for or from spammers. It’s the same thing if you break into my home. I won’t make you a cup of coffee and do an ommmmm chant with you. DUH

  63. BRILLIENT!!

    While I agree that 2 wrongs don’t make a right, I am not doing anything wrong by complaining about SPAM. If thoses complaints happen to cripple the server of someone who is paying someone else to cripple the inbox of my users…then that party should buy bigger servers to handle the number of complaints!

  64. Did you guys actually read what she said? Let me quote – “it’s just not ok to use abuse to fight abuse.” But hey! Isn’t that the American way? If you get attacked, you attack back! Let me ask you something then. How’s does that make you any different than the original attacker?

    People SAY they want peace and goodwill. People have been SAYing that for a thousand years. The fact of the matter is — if you want to attack others (meaning you have no peace in your heart) then you will never have peace in your life. Because you ATTRACT strife.

    The way to solve such things is not by attacking back! The way to solve these things is to use your head and come up with a way that the attackers can’t attack. DUH!

  65. Good for Blue Frog! The government is not the answer to this problem since they have been impudent from the beginning.

  66. Aunty Spam is at it again! As usual she is way off the mark. I agree completey with Blue Frog, we should be allowed to complain to those responsible about the numerous unsolicited spam messages that ATTACK our mailboxes throughout the day. One purpose of a spam message is to get a response from the recipient. Well why should the spammers complain, just because they don’t get the response they are looking for. If auntie SPAM (Interesting Title!) still believes that we should not try to fight back, then I would invite her to remove her very own anti-spam features used for this comment column. Then go to her local town, and bring a bum back to her home, to live on her front porch. Then she can be spammed every day with requests for handouts!

  67. Seems to me there’s much more double talk in your posting than in what these guys are doing.
    Have we lost the right to complain? DDoS is an anprovoked and disproportional attack while this is a service allowing people complaining for spam they receive – one complaint for each spam message! What’s wrong with that?

    I guess if a drug dealer opened an operation accross the street and advertised his merchandise in your neighborhood and the police would do nothing since “across the street” is beyond their jurasdiction, you would site at home and wait… The least you would do to protect your kids (at least I hope you would) would be to organise your neirghbors to protest.

    Eric

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.