Wednesday 3 May 2006

Wired has half the Blue Security story

I see Wired is now talking about the Blue Security situation. It focusses on the spammer retaliation angle.

Naturally, there are some spammers who take a dim view of organizations that try to limit the number of mailboxes they can pollute. It now appears that spammers are passing around a list of names that purports to be this secret registry. Not only that, but levels of spam received by members of the Blue Security list have roughly doubled since May 1.

So how can this be?

I've seen the spammers' list. It's not as it seems -- it doesn't include spamtraps and other special addresses or wildcard domain entries that I know to be in there. What's happened is that a spammer has taken his list and "cleaned" it against the Blue Security list. He then compared the original list with the cleaned list to figure out which addresses were removed. He then bragged to his spammer buddies that he's "cracked" the Blue Security list.

Posted by at 3 comments:
tags:

Monday 1 May 2006

Blue Security "do not email list" compromised? No!

It had to happen. I'm amazed it's taken so long.

Spammers are passing around a list of names that is purportedly the Blue Frog "do not email" list. Someone is already spamming the list with dire warnings of falling skies.

I've seen the list. It's not complete in the sense that it doesn't include the wildcard domain entries. It also doesn't include spamtraps that I know to be there. Presumably a spammer has taken his list and "cleaned" it against the blue list, then done a diff? Like I say, I'm amazed it's taken so long.

In other words, people won't get spam from these spammers unless they're already getting spam from them.

Blue Security's community forums are down "for maintenance." ;-)

Links (updated as I find them): 1 2 3 4 5 6 7 8 9...

Posted by at 5 comments:
tags:
Subscribe to: Posts (Atom)