It was inevitable. Blue Frog, the “anti-spam” company which tries to get spammers to stop spamming by spamming the webforms of spammers who spam Blue Frog’s customers, had their “do not spam” email list stolen by spammers, and now that list of Blue Frog customers is getting spammed.
To be more clear, when you sign up for Blue Frog’s service, and give them your email address, any time someone spams you, they spam that someone back – actually it’s more of a DOS – they bombard any webforms that the spammer has with tons of data, in an effort to cripple the server. The way that the spammer can stop the DOS is by not spamming that email address that is on the list of Blue Frog’s customers – their “do not spam” list.
Today Richi Jennings, an industry watcher in the UK, is reporting that Blue Frog’s “do not spam” list has fallen into the hands of spammers, and is being spammed with all sorts of dire warnings. Jennings has himself seen the list, so he knows whereof he speaks.
Says Jennings, “I’ve seen the list. It’s not complete in the sense that it doesn’t include the wildcard domain entries. It also doesn’t include spamtraps that I know to be there. Presumably a spammer has taken his list and “cleaned” it against the blue list, then done a diff? Like I say, I’m amazed it’s taken so long.”
So are we.
So if you are a Blue Frog customer, and have started getting some unusual or pointed spam, now you know why.
[Ed. note: Since this was first posted, reports have become confused and unclear as to whether the Blue Frog list was actually stolen. But this much is clear – if it was not stolen, it was reverse-engineered by spammers (in other words they took their spam lists, matched them against Blue Frog’s – which is what Blue Frog demands they do – and then noted which addresses were on the Blue Frog list, and built their own second list of Blue Frog users).]
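The matching described in the note above, as an added sketch that is not from the original article or from Blue Security: it assumes a registry handed out only as SHA-256 hashes (the article does not say how the list was distributed), and every address and function name is constructed. It shows that scrubbing still tells a list owner which of their own addresses are registered, while entries they never held (other members, spamtraps, the wildcard entries themselves) stay hidden.

```python
import hashlib

def digest(entry: str) -> str:
    """Hash a normalised registry entry (the hashing scheme is an assumption)."""
    return hashlib.sha256(entry.strip().lower().encode()).hexdigest()

def build_registry(addresses, wildcard_domains):
    """Registry as a sender would receive it: hashes only, no plaintext."""
    hashes = {digest(a) for a in addresses}
    hashes |= {digest("*@" + d) for d in wildcard_domains}
    return hashes

def scrub(mailing_list, registry):
    """Hypothetical compliance step: drop every address the registry covers."""
    kept = []
    for addr in mailing_list:
        domain = addr.rsplit("@", 1)[-1]
        if digest(addr) in registry or digest("*@" + domain) in registry:
            continue
        kept.append(addr)
    return kept

def exposed_by_scrub(mailing_list, registry):
    """Addresses whose membership the before/after comparison gives away."""
    kept = set(scrub(mailing_list, registry))
    return sorted(set(mailing_list) - kept)

# Constructed sample data (reserved example domains).
REGISTRY = build_registry(
    ["alice@example.org", "bob@example.net", "trap@example.net"],
    ["example.com"],
)
SENDER_LIST = ["alice@example.org", "carol@example.edu",
               "dave@example.com", "erin@example.info"]

if __name__ == "__main__":
    print("kept after scrub:", scrub(SENDER_LIST, REGISTRY))
    print("membership exposed:", exposed_by_scrub(SENDER_LIST, REGISTRY))
```

Only the overlap between the sender's own list and the registry is exposed, which fits Jennings's description of a list missing the wildcard entries and spamtraps.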
[Ed. note 2: Based on several responses in the comments below, it’s pretty clear that people who sign up for Blue Frog really don’t get what they are signing on to. Did you not read the following before you gave them your email address, and let them start using your computer as part of a distributed attack against machines which may not even know they are harbouring spammers (much like you may not know you are using your computer to attack what may be innocent machines)?
This is from Blue Frog’s own website (read it all):
“Opt-out requests are posted by the Blue Frog client application used by consumers that added their personal e-mail addresses to the Registry through Blue Security’s free consumer offering.
Requests are not posted by Businesses and organizations that added their e-mail domains to the Do Not Intrude Registry through Blue Security’s paid business offering.
For each site advertised by spam, Blue Security develops a script for the Blue Frog client, instructing it how to submit an opt-out request on that site.
Each user’s Blue Frog client retrieves the scripts from Blue Security servers and posts the opt-out requests. A single opt-out request is posted per each spam message received by that user.
Complaints are posted in a manner similar to the way a user would manually try to opt-out of spam – Blue Frog opens an HTTP session with the spamvertised site, visits the site according to the flow of instructions included in the script and posts the opt-out text in forms found on the Web site, such as registration or purchase forms.
Opt-out requests do not contain any information that may jeopardize the users’ privacy. The Request encourages the merchant, email marketers and spammers to download the Registry Compliance Tools, remove all e-mail addresses listed in the Registry from their mailing lists and stop sending spam to Blue Security customers.”
Now, before you rush to your own and their defense, really read what this says. It says that it takes information and populates webforms. It doesn’t submit a real opt-out request, and if it did, it wouldn’t do any good, because spammers don’t honour opt-out requests.
Instead it goes to whatever website is there, and finds whatever webforms it can, and puts “unsubscribe me” language in that webform, no matter what that webform is, no matter to whom it actually belongs.
Your own computer may only send a few to each site, but to how many sites is it sending? And combined with however many others are being sent at the same time to the same site from the thousands that Blue Frog claims, that is the very definition of a DDOS.]