Startup Aims To Overload Spammer Web Sites - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

04:31 PM

Startup Aims To Overload Spammer Web Sites

Blue Security plans to overwhelm spammers with complaints and unsubscribe requests.

A startup security firm is taking the fight to spammers by enlisting end users to create what's called a Do-Not-Intrude registry whose purpose is to make it too painful for junk mailers to operate.

If a spammer sends you spam, you have a right to complain, said Eran Reshef, the chief executive of Menlo Park, Calif.-based Blue Security. If they send you one spam, you complain one time. If they send you a thousand spams, you can complain a thousand times.

It's the volume on which spam operates and Blue Security's plan hinges.

Starting Monday, users can download Blue Security's Blue Frog client and sign up with the Do-Not-Intrude registry. Once the software's installed, users can register up to three e-mail addresses to monitor for spam. Blue Security, however, watches not only those addresses but up to a dozen accounts it sets up for that act as additional "honeypots," or accounts designed to attract spam.

Blue Security analyzes the messages it receives from the users' accounts (as well as all others who sign up), then follows the links inside the spam to (hopefully) the originating site where, for instance, products or services pitched by the junk mail are sold. There, forms are identified that accept text -- an order form, perhaps, or a customer service form -- and its fields are automatically filled with a message demanding that the e-mail account's address be removed from the spammer's list.

"I kindly ask that you cease sending me or other registered users spam," the message reads.

The idea, said Reshef, is to punish the spammer for his actions. Although the scheme doesn't generate mail to the spammer -- spam for spam, so to speak -- the volume of Web traffic should be enough to cripple the spammer's Web site.

"The sheer amount of complaints going to the spammer's site is going to make it hard [for that site] to do anything else, said Reshef.

Spam is analyzed by Blue Security staff, said Reshef, who investigate the spam, verify that it violates the federal CAN-SPAM Act, trace the message to a Web site, and pinpoint a form on the site that can be used to complain. The Blue Frog handles everything else for the end-user.

The opt-out complaints are synchronized, so that all users whose accounts are monitored file simultaneously.

Although Reshef repeatedly said that the practice was not illegal, the end result is very close to a denial-of-service attack, in which a collection of computers simultaneously try to access a Web server with the intention of bringing it down under the sheet volume of traffic.

Reshef aggressively defended the concept and rejected the idea that it was a DoS in disguise. "We have a right to complain," he said. "The spammers have the right to send us spam, and we cant say anything? No, thats not right.

"Were not creating any harm. Were not trying to shut down any Web sites. But we have the right to complain, one for one," he added.

Other fight-back tactics against spammers have failed in the past. Last year, Lycos Europe rolled out a screensaver that conducted DoS attacks against known spammers. Within days, however, Lycos buckled under pressure from security groups -- which called it vigilantism -- and ISPs, who worried that attacks originating from their members would make them liable to legal action on the part of spammers.

"Our effort is completely different from what Lycos did," said Reshef. "Lycos used a hit list of spammers. We're only responding to actual spam. And each user is responding only to the spam he or she received."

Some may see it as a difference in semantics. But Reshef sees it as effective.

"We've already seen it work," he said. "The spammers don't like what we're doing, and some of them during our tests tried to modify their site on the fly to keep out complaints." Two other sites that he declined to name, he said, have agreed to stop sending spam to the real and honeypot accounts.

"We need a critical mass of users for this to work," Reshef acknowledged. "If enough people abandon the idea of passively filtering spam and realize that unrelenting action is required, we can together stand up for our online rights."

Once its built up a sufficient community of users to ding spammers' Web sites, Blue Security plans to offer the service to enterprises for a fee.

The Blue Frog client can be downloaded free of charge from the Blue Security Web site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll