Since quite a few people don't seem to know how BS/BF work I'm
quoting a post I read on
http://community.bluesecurity.com/webx?50@527.Rg3A aYm6mEY.0@.3c545f52
Does Blue Frog Employ DDoS Attacks?
Some points to consider.
One. When any man woman or child on earth receives an Unsolicited Bulk E-mail message, (UCE) it is essentially just an advertisement:
1a. The recipient has been -invited- to visit the advertised service and conduct business. Real Distributed Denial of Service (DDoS) attacks are never preceded by an -invitation- from the party that is to be allegedly attacked. By sending the advertisement, the advertiser is consenting to receive a response if the recipient feels so inclined. It is advertisers hope that visiting will yield them money. It's called a market economy.
1b. Dissatisfaction is a valid transaction. Advertisers may not just cherry pick the cash yielding sales. If an advertiser does something to insult or enrage their target audience, they can expect to get a lot of phone calls - this is a healthy market dynamic which drives improved business performance and customer satisfaction. If it works for broadcast and print media, why would UCE marketers be immune from this healthy form of feedback?
1c. The recipient of the advertisement is not prohibited by law to conduct business transactions with the advertised service - just as the service is not prohibited by law to advertise. Should the recipient be dissatisfied and not wish to receive future advertisements, a single request for distribution list removal each time an advertisement is received is a valid practice within the law. The advertiser bears some duty to comply with removal requests in good faith. 1 to 1 responses do not constitute a DDoS attack as the sender of the solicitation has direct control of the responses they will receive. No court of law would be convinced otherwise for the following reasons: Intent to disrupt is not present, the objective of the opt-out request is clearly stated in civil terms, the origin of the opt out request is not hidden (though rendered anonymous for practical reasons), no extortion, blackmail or other form of crime is involved in the request, the advertiser has a clear and simple method of avoiding this undesirable traffic and was given due time to conform. None of these conditions are true under a typical real denial of service attack which sets apart the Blue Security method.
1d. Prior to the existence of the Blue Security service, recipients were technically not able to respond in quantity or form equal to the advertisements received. Filtration was the only effective solution to conduct e-commerce and personal correspondence amidst a constant flood of UCE. Historically to respond to a UCE was often dangerous or caused retribution attacks against the unhappy recipient. (The UCE industry refers to vocal negative recipients as "antis".) Responding to UCE has now become safe and feasible via the Blue Security system. The underlying method employed by Blue Security whereby "Party A advertises - therefore Party B responds" remains both ethical and legal. Not an attack.
Two. Regarding why the services advertised in UCE might crash or fail as a result of Blue Frog Opt-out requests, there are exactly two possible causes:
2a. The advertising party did not sufficiently design their infrastructure to be capable of managing the traffic which was generated by their ad campaign.
2b. The advertising party did not decrease their ad campaign to be commensurate with their capacity to manage response traffic.
-- The issue of UCE advertised servers crashing has nothing to do with the recipients of the ad campaign or any imagined DDoS attack. It has everything to do with the UCE senders being irresponsible and unprepared for their own actions. In simple terms, it would seem that UCE marketers who target Blue Frog members end up biting off more than they can chew.
Three. Regarding making money from UCE and the irrational nature of Blue Frog resistance:
3a. In the world of business - some traffic generates revenue - some does not. All successful businessmen and women want to maximize one and minimize the other. Blue Frog (BF) users are a demographic group which has the stated goal to never generate sales for bulk e-mailers or their affiliates. Why anyone would ever want to advertise to this vocal advocacy group via bulk e-mail is a true puzzle.
3b. BF users as a community have decided to stop sleep walking when it comes to spam. They feel that endlessly absorbing and filtering the UCE flood solves nothing and is a wasteful use of public and private internet resources. Blue Security has found a way to be vocal and effective while remaining ethical and legal. As with the evolution of all industries around the globe, the UCE industry must evolve with newly developing market forces if they wish to remain profitable. (See point 3a above.) The BF community has become a market force.
3c. BF users are not trying to shut down the UCE industry - this absurd claim to war was initiated by pro-spam forces who were to proud to comply with the BF Do-Not-Disturb registry. Many users outside the BF community -do- respond to UCE and buy product. UCE marketers with any sense should focus on these paying customers as their core demographic audience.
Four. Irresponsible constituents of the Unsolicited Bulk E-mail industry are very worried about Blue Frog because:
4a. The BF service will hold up in any court of law as both legal and ethical. If this werent the truth, I believe that in the last year many cases would have already been brought against Blue Security. The advertised illicit drug and fraud rings will not hold up. The irresponsible and punitive marketing practices will not either.
4b. BF does proudly infringe upon their previously unlimited ability to be irresponsible. For those who do not elect to obey the civil opt-out requests they have the potential of adding cost to the otherwise low overhead industry of sending UCE. Some in this industry are not familiar with having to operate with any type of constraints and simply aren't used to the concept. Change fosters resistance.
4c. BF members are consenting and willing in their use of the service. This is in stark contrast to the hi-jacked criminal zombie networks of the world. The term "bot net" as popularly defined can not be applied to users running the Blue Frog client while actively participating and forwarding their UCE to the Blue Security analysts. This has all the legal markings of consensual usage and legal software licensing.
4d. Should BF member numbers grow too great, the analysts at Blue Security will have vast real time data on the operations of nearly all illicit e-mail driven activity on the web. Nobody has yet succeeded in putting together a system with this much breadth of scope on such a large scale. Blue Security stands a strong chance of being the first. Blue Security has already declared that they will constantly feed their collected data on criminal activity to all relevant authorities and has begun doing this. Having this much light cast upon a shady industry makes those responsible rightfully nervous.
4e. BF members are standing up to irresponsible Spammers. This is a first in history for many of them, and they are having trouble adjusting. In the past, individuals fighting spam could be punished via "Joe Jobs" or placed upon "anti" lists for additional punitive UCE targeting. As a group though, the BF community challenges their safety and has been proven to cause great rage as it nullifies their control over the individual. People in a state of anger do irrational things as recent events have shown. Their recent overtly criminal actions will likely be their undoing.
Five. Anyone still claiming that Blue Security employs illegal DDoS attacks is either:
5a. Not adequately informed regarding what exactly the Blue Frog client actually does and does not do.
5b. Is not in possession of faculties which are capable of sound deductive reasoning.
5c. Is a pro-Spam advocate trying to spread misinformation in a thinly veiled attempt to protect an obsolete way of life.
5d. Simply has a bitter, small heart.
It may sound like the old "if you aren't with us you're against us" bit, but it is not.
-- To those who wish to sit on the bench and watch, you have nothing to lose and everything to gain by allowing Blue Frog members to try this grand experiment in SPAM management. Everyone dislikes SPAM. Everyone agrees that Blue Security is forging into uncharted territory - like it or not. So sit back, see what happens and get yourself some popcorn. Before too long Im sure the law will test the involved principles and we shall then see which way the wheel turns.
-- To those who are engaged in this experiment, as a person who also does not appreciate thugs entering my in-box, I applaud your bravery and am right there with you.
Current status:
Corporate Site
(www.BlueSecurity.com) OK
Members site
Account managment Coming Soon
Community site
Forums, blog OK
Webmail tool's spam reports OK
Blue Frogs
operational system OK
SMTP Spam reports to reports.bluesecurity.com OK
Validation emails Coming Soon
Online Statistics Coming Soon
Developers' Site Coming Soon
Outgoing emails from Blue Security Coming Soon
Last updated at May 14 2006 at 04:20 am EST
end quote
