Wednesday 3 May 2006

Wired has half the Blue Security story

I see Wired is now talking about the Blue Security situation. It focusses on the spammer retaliation angle.

Naturally, there are some spammers who take a dim view of organizations that try to limit the number of mailboxes they can pollute. It now appears that spammers are passing around a list of names that purports to be this secret registry. Not only that, but levels of spam received by members of the Blue Security list have roughly doubled since May 1.

So how can this be?

I've seen the spammers' list. It's not as it seems -- it doesn't include spamtraps and other special addresses or wildcard domain entries that I know to be in there. What's happened is that a spammer has taken his list and "cleaned" it against the Blue Security list. He then compared the original list with the cleaned list to figure out which addresses were removed. He then bragged to his spammer buddies that he's "cracked" the Blue Security list.


Justin Mason said...

I'm amazed it took this long -- as I've been blogging at, this is a known vulnerability of "do not email" lists. I first heard about it when various people wrote about it in written responses to the FTC in 2004, when the FTC were investigating the viability of such a list themselves. (They discarded the idea as unviable.)

Also, for what it's worth, Blue Security claimed in a blog posting that the spammer was simply spamming his normal list, rather than a "targeted" Blue-Frog-user list; however, judging by the lack of any of this traffic on our spamtraps, I'd say that's not the case and the spammer really did narrow down their list to Blue Frog users.

Richi Jennings said...

I think the point BS was making was that the spammer pulled the names *from* his normal list (by doing a diff against the BS-filtered version).

Remember: English is not the native language of most of the BS guys. ;-)

Anonymous said...

Looks like Blue Security is to stop trading if this is to be believed...
