Naturally, there are some spammers who take a dim view of organizations that try to limit the number of mailboxes they can pollute. It now appears that spammers are passing around a list of names that purports to be this secret registry. Not only that, but levels of spam received by members of the Blue Security list have roughly doubled since May 1.
So how can this be?
I've seen the spammers' list. It's not as it seems -- it doesn't include spamtraps and other special addresses or wildcard domain entries that I know to be in there. What's happened is that a spammer has taken his list and "cleaned" it against the Blue Security list. He then compared the original list with the cleaned list to figure out which addresses were removed. He then bragged to his spammer buddies that he's "cracked" the Blue Security list.
3 comments:
I'm amazed it took this long -- as I've been blogging at taint.org, this is a known vulnerability of "do not email" lists. I first heard about it when various people wrote about it in written responses to the FTC in 2004, when the FTC were investigating the viability of such a list themselves. (They discarded the idea as unviable.)
Also, for what it's worth, Blue Security claimed in a blog posting that the spammer was simply spamming his normal list, rather than a "targeted" Blue-Frog-user list; however, judging by the lack of any of this traffic on our spamtraps, I'd say that's not the case and the spammer really did narrow down their list to Blue Frog users.
I think the point BS was making was that the spammer pulled the names *from* his normal list (by doing a diff against the BS-filtered version).
Remember: English is not the native language of most of the BS guys. ;-)
Looks like Blue Security is to stop trading if this is to be believed...
http://www.theregister.com/2006/05/17/blue_security_folds/
Post a Comment