Blue Security Gives up the Fight 672

bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"
This discussion has been archived. No new comments can be posted.

  • Too bad. (Score:5, Interesting)

    by grub ( 11606 ) <> on Wednesday May 17, 2006 @10:17AM (#15350514) Homepage Journal

    I'm a recent new Blue member. Spam to my work, gmail and home accounts has plummeted thanks to Blue Frog. And to whiners who moan about "vigilantism", blow me. Fight fire with fire.
  • official statement (Score:2, Interesting)

    by coaxeus ( 911103 ) * on Wednesday May 17, 2006 @10:20AM (#15350539) Homepage
    I'll wait to see an official statement from them. Considering they are offline right now, likely due to another DoS, and the spammers have spent the last 2 weeks doing joejob attacks and all sorts of e-mails supposedly from bluesecurity... it doesn't seem too unlikely to me that the spammers could convince the media of something.
  • P2P perhaps? (Score:4, Interesting)

    by Nursie ( 632944 ) on Wednesday May 17, 2006 @10:20AM (#15350544)
    Was about to post the same thing. Make a distributed app, receive spam, post "unsubscribe" link to app, (assuming this is how blue worked) instant mass traffic for spammer. The problem here is that if you don't have a central authority controlling what gets hit then someone will sooner or later abuse the P2P DDoS machine that you've effectively just created.
  • by Saint Aardvark ( 159009 ) * on Wednesday May 17, 2006 @10:25AM (#15350580) Homepage Journal

    If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and you're getting in their way.

    [...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."

    From Dive Into Mark (which doesn't seem to be responding, so try Google's cache.)

  • by fistfullast33l ( 819270 ) on Wednesday May 17, 2006 @10:26AM (#15350596) Homepage Journal
    What about a solution like the SETI project? A nice graphical screensaver that uses spare processor cycles to send email spam to known spammers. It could even display something funny like a graph showing how much harassment you're causing.

    However, I don't think any kind of attack spam with spam solution is worth it. We need to either redesign the protocol, marginalize the spammers, or make it very illegal and put them in jail. Sure, you might argue that direct marketing through email really isn't illegal (junk snail mail sure isn't), but I think if you don't respect the don't spam lists and requests to stop, or even go so far as to launch a DOS attack as TFA describes, then you definitely belong behind bars or without access to a computer.
  • by bbernard ( 930130 ) on Wednesday May 17, 2006 @10:27AM (#15350604)
    I'd agree with the parent comments but for one issue. The company's clients were directly threatened. The spammers didn't just threaten Blue Security, they threatened Blue Security's customers. As the article stated, Blue Security's customers didn't sign up for a war. They signed up to not get spam. Getting bombarded by viral attacks wasn't part of the deal.

    That said, I too am disappointed, but until there are effective means of finding and holding accountable the people behind the attacks, this kind of extortion will continue.

    Welcome to the wild-west. Where's Sheriff Bart and the Waco Kid when you need them?
  • Scary thought (Score:4, Interesting)

    by dtsazza ( 956120 ) on Wednesday May 17, 2006 @10:33AM (#15350657)
    This really drives home how important it is for Average-Joe users to have decent security. Time was, if you got infected with a virus you'd get your hard drives wiped and have to reboot your machine. Then, viruses stole information instead. Nowadays, it seems like anyone with the inclination to do so can set up their own botnet using relatively simple tools.

    And of course, if you're in the business of breaking the law online (or rather just being generally anti-social) it's simply prudent to gather an army of computers, and then use that power to make others give into your demands. The actions of one hacker and his botnet caused an entire company to shut down operation - that's scary.

    And scarier still is that the thousands of people whose computers were hammering away at the server, contributing to the victory of evil over good, are unaware of the part their machines played, and will doubtless play again.

    This really is the computing equivalent of creating massive private armies with a mind-control drug - and while the email system really needs an overhaul, while the possibility to harness this kind of power exists there'll be the opportunity for extortion on this scale.
  • by Surt ( 22457 ) on Wednesday May 17, 2006 @10:33AM (#15350660) Homepage Journal
    Just convince everyone to run tarproxies already, or get it integrated into the standard build of sendmail? Since you're obviously hinting at going wide distribution, why not go wide distribution with a tool that has a strong research, development, and testing history behind it.
  • by MrDoh1 ( 906953 ) on Wednesday May 17, 2006 @10:34AM (#15350671) Journal
    It's a sad day indeed.
    However, if they close up shop this easy, were they the right ones to be leading this fight?
    I also just love how I had to hear about this on /. Nothing like keeping your community informed of what's going on.
    The worst part is they probably picked up 50,000 or more subscribers over the period of the DDOS. It was actually much better advertising than they could have ever bought. Heck, it got me to join!
  • by spge ( 783687 ) on Wednesday May 17, 2006 @10:38AM (#15350715) Homepage

    I find it very hard to believe that it is this straight-forward for one individual to potentially bring down the entire internet infrastructure. The Register reported on this story and said, "Anti-spam firm Blue Security is to cease trading after deciding its escalating conflict with a renegade spammer was placing the internet as a whole in jeopardy." It went on to say, "During an ICQ conversation, PharmaMaster told Blue Security that if he can't send spam, there will be no internet."

    I suppose the most concerning part of this story is the bit where bribery appears to persuade a top ISP to make some dodgy configs:

    "According to Blue Security, a renegade Russian language speaking spammer known as PharmaMaster succeeded in bribing a top-tier ISP's staff member into black holing Blue Security's former IP address ( at internet backbone routers. This rendered Blue's main website inaccessible outside Israel."

    This story smells a bit.

  • by Stellian ( 673475 ) on Wednesday May 17, 2006 @10:39AM (#15350726)
    Come on, what do readers think...I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

    The fact that Blue Security has failed does not surprise me. They were a business, and this kind of vigilante justice cannot be made profitable.
    What we need is to implement an open source p2p DOS network. Everybody can submit a link that they found in SPAM mail, with their DOS client. This way, the more a site is spamvertised, the more it is DOS-ed.
    Of course, the amount of DOS the site gets should be comparable with the bandwidth needed to send the spams, so there are no abuses of the system. Just send their crap back to the sites they run.
  • At this point I'm convinced that the only solution is a worldwide series of gory murders of spam kings with "death to spammers" written on the walls at the crime scenes in the spammers' blood.
    Someone beat you to it ... As described here or here.

    Be pretty hard to get a murder conviction ... after all, there are literally MILLIONS of people with a motive ... I can picture it now ... the jury is deliberating, and says "the spammer got his skull crushed in ... sounds like he got off too lightly, dah?"

  • Some hard numbers (Score:2, Interesting)

    by Anonymous Coward on Wednesday May 17, 2006 @10:51AM (#15350826)
    According to my university's spam filter, up to 25 percent of all incoming messages from off-campus addresses are spam!
  • Re:Third Choice? (Score:2, Interesting)

    by ovit ( 246181 ) <dicroce AT gmail DOT com> on Wednesday May 17, 2006 @10:59AM (#15350904) Homepage
    Exactly. When no-one has a monopoly on the use of force, then using force to respond in kind is fair and just. It's called not letting yourself become a helpless victim.

  • by Opportunist ( 166417 ) on Wednesday May 17, 2006 @11:00AM (#15350915)
    You can't fight spam at the originating point. More often than not it's sent through hijacked PCs. Hitting them won't help anyone.

    So you have to hit the site that's been advertised by the spam. P2P has been mentioned as the "way to go" to avoid a similar fate. And the dangers of "seed poisoning". This can be circumvented. Have the clients "read" the spam folder of the participating person. Have them exchange their spam folders. Have them count the messages received. And once a critical amount of similar or identical messages have been identified, have them hold a vote who's going to get it for the next, say, 8 hours.

    This all can be done without the participation of a host.

    Now, of course someone could send around some spam to, say, shoot at Microsoft. How to prevent that?

    Well, spam needs some time to propagate. This time can be used to update some whitelist. This whitelist, again, would have to be administered decentralized. I.e. you declare something "not spam". If enough people call spam "no spam", the attack won't happen. At the same time, run a blacklist that lets you identify something "clearly as spam", which puts more weight behind the counter.

    If something has circulated for 2 days or more and is still labeled "Spam", the flood rolls in. Yes, I'm aware that quite a few spam-ad'ed servers are hijacked too. That's why the attack should not run for more than about 2 hours. Should give the admin there a good heads-up, to say the least, and take a look at his setup. Should he not wise up, the next one runs for 4, then 8, 16, 24 hours and so on.

    Still needs some fleshing out, but I guess that'd be a way to run it.
  • by portwojc ( 201398 ) on Wednesday May 17, 2006 @11:05AM (#15350959) Homepage
    "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

    You started the fight and you expected them to buckle but you forgot one thing. They don't care if what they do is illegal. You do.

    They will keep sending their junk and if you think they will ever stop you are naive. You can't stop them from doing it. You have to accept that first and then come up with a method that will just make it harder for them to get their junk out.
  • by Professr3 ( 670356 ) on Wednesday May 17, 2006 @11:07AM (#15350973)
    The problem is, fighting a large force with a concentrated force never wins. The trick, both here and in the real world, is guerilla warfare. At the bluefrogfanclub site, talks are underway about rebuilding the Frog in a P2P form. Since P2P is much more decentralized than a single site, hopefully it will be harder to hit by spammers.
  • Bastards! They deleted the source files! They could at least give the source code for us to share.

    Anyway, this clearly gives us one choice: Decentralizing Blue Frog.

    The concept has been proven. Flooding the servers with opt-out requests.

    So I propose this: Make a decentralized "black frog" which directly analyses the e-mails and begins doing what Blue Frog did. But this time, it's per-user.

    If anyone wants to start the Black Frog project, give me a message (my gmail address is posted in my account).

    The concept is this. Instead of asking the spammers to download the "do not intrude" list, hash your own mails using the following formula:

    hash = substr(SHA1(e-mail),32). And in the post tell the spammer to remove this hash from their mailing list. (We can include random hashes to make it blurry).

    If anyone wants to start the project, I'd be happy to organize it.

    We need:

    * At least one person with access to the Blue Frog sourcecode, or someone who has helped in programming the Blue Frog
    * Lots of programmers
  • Re:Third Choice? (Score:4, Interesting)

    by PFI_Optix ( 936301 ) on Wednesday May 17, 2006 @11:20AM (#15351116) Journal
    Back when it was possible to track down the spammers and e-mail them easily (~1998) I did this sort of thing on my own.

    If I got spam from someone, I sent them an e-mail asking them to stop. When I got another one from them, I sent two. Then three, four, and so on. I made liberal use of free e-mail so they couldn't filter out my addresses, and eventually spammed one guy with 98 e-mails before he relented.

    Multiply that by 500,000 users and you'd get one nasty spam attack. That's what these guys deserve: to get one e-mail for every e-mail they've sent to each address. Tens of millions of e-mails flooding their inboxes.
  • by hotspotbloc ( 767418 ) on Wednesday May 17, 2006 @11:20AM (#15351122) Homepage Journal
    Anyone want to state the obvious answer?

    Coral cache with mod_expires to tweak the cache time and adjust length for high traffic times and mod_rewrite to drive everyone but Coral servers to the Coral cache. Not perfect but it could keep an otherwise dead site to appear alive for an extra day or so. Add in it's completely free, doesn't alter your pages and the only limits are a max single file size is ~35M and a daily bandwidth cap at 250G it's not a bad way to go.

    The question is would this take enough heat off of Blue Security to keep going?

  • by jacksonj04 ( 800021 ) <> on Wednesday May 17, 2006 @11:21AM (#15351129) Homepage
    If you read up on Blue Security's actual implementation they never sent more unsubscribe requests than emails received. They sent one on behalf of the whole community first, then if that was ignored they sent one unsubscribe request for every email received from that spammer to a Blue Security customer.

    It's exactly the same amount of traffic as everybody who received the email sending their own "Piss off and leave me alone" request.

    On the subject of OS DoS, it won't work because the network will be too easily exploitable. However, something which used a supernode system to distribute the load would work quite well.

    Personally I'm waiting for Google to step in, collect the pieces of Blue Security, then offer it as an automatic feature built into gMail. Spam gMail (x million accounts), someone checks that it really is spam, and then the spammer effectively gets a message saying "Stop spamming Google customers". Ignore it, and that's x million identical requests sent by one mother of a system.
  • by boldtbanan ( 905468 ) on Wednesday May 17, 2006 @11:22AM (#15351139)
    If you have a coalition of companies of that size, they would probably be able to handle the inevitable attacks. You could distribute the authorization amongst those companies (so the final client list would be a conglomeration of all of the masters, which are created by each of the companies). Of course, that opens the door for politicization of the lists, but as long as the power is fairly distributed amongst the players, it shouldn't be a major problem. The biggest obstacle is getting everyone to sit down together and not having it turn into a Mexican standoff.
  • by Anonymous Coward on Wednesday May 17, 2006 @11:24AM (#15351158)
    That is what we have at our university. If your PC is detected doing nasty stuff (viruses, portscans, ...) your MAC gets blocked, and you get redirected to a help-page, telling you what is going on. No compassion however from the admins, you are expected to cleanup your mess yourself. You can then automatically deblock your PC by a webform, but when the problem is still there, you are blocked again within seconds. This system is fully automated, and keeps the number of infections very low.

  • by NtroP ( 649992 ) on Wednesday May 17, 2006 @11:28AM (#15351191)
    I think it could be solved by doing two things: 1) have a mechanism in place that does more to ensure the sender is who they say they are, and 2) Go to a whitelist-based system only.

    If every ISP blocked outgoing SMTP messages from their users and either 1) forced them to relay mail through their servers or 2) ensured that any user-run mail servers were properly configured with SPF, etc. before allowing them to access outgoing port 25 traffic, it would allow much better assurance that the sender was who they said they were.

    Then, if any email that was addressed to me had to be checked against my whitelist first, I'd only be getting mail from those users I want to talk to. The real danger would be if one of the users I had in my whitelist became infected by spam-malware that used their address to send spam out to me - but I'd be able to tell right away that they were infected and warn them (or remove them from my whitelist and send them a live CD :-)

    Any lists you signed up for or any businesses that were going to send you email (like order confirmation, etc.) would have to spell out clearly which email address to add to your whitelist in order for you to get your confirmation. If they send you advertisements on that address, remove it from your whitelist.

    We are implementing some of this where I work. One twist is that we have a mechanism where any mail you send out to someone automatically gets them added to your whitelist - more to help us quickly build a whitelist for our users than anything else while we are ramping up, but it's a start. Then we have each user create a Spam folder, crank the spam threshold way down, and let the users pick through what makes it through and decide where their discard threshold will be. Eventually, when each user has compiled a complete enough whitelist that they are confident they can operate without the spam safety net, they remove their spam folder.

    It's working so far. I know there are services out there that send email back to new senders telling them to jump through hoops to be added to a user's whitelist, but I'm not sure how I feel about that. I have a feeling that sort of thing could get gamed, but maybe that's the way to go - just make it too much work for the spammer. All I know is that I HATE SPAM.

  • Re:Third Choice? (Score:3, Interesting)

    by jackbird ( 721605 ) on Wednesday May 17, 2006 @11:37AM (#15351289)
    I was in exactly the same boat until my host made graylisting on their servers. It's gone from 3000/day down to 30 or so. The only problem is that some legit emails from domains with long retry waits don't arrive for hours, but it's uncommon, and adding them to the whitelist solves it.
  • by adamfranco ( 600246 ) <adam@adamfra[ ].com ['nco' in gap]> on Wednesday May 17, 2006 @11:55AM (#15351463) Homepage
    Check out Privateye.

    Privateye is a tool that our network security admin here at Middlebury College, Mike Halsall, wrote to automatically quarantine computers into a VLAN (that stays with their mac address) that only has access to a help page, anti-virus tools, and windows update.

    Due to the use of this and campus manager (I believe it's the software that actually manages the VLANs, could be wrong), viruses have gone from taking down the campus network several times a year, to being a non-issue. From the project page:

    Privateye came into being to satisfy the tedious task of correlating event data being gathered from disparate security sensors (Snort, HoneyNet, IPS) and automatically take action on the sources generating the alerts.

    Example 1: You have an Intrusion Prevention System (IPS) that is dumping its alerts to a log file. Privateye is reading in this log file, in real time, and watching which alerts are being thrown by which IP addresses. Now, let's also say you have a user registration system, allowing each user's name to be associated with their current IP address. One of your users gets a virus that starts doing Bad Things; this virus starts scanning for open shares on your network (which, in and of itself, doesn't necessarily mean something is amiss) AND connects to an IRC server out on the Internet. Privateye's configuration (all done through one powerful configuration file) has a trigger that specifies, "if I see one of 'my users' perform 50 NetBIOS scans in 60 seconds AND connect to an IRC server, I'll run an external script to do something to that user." That "do something" could be shutting down the switch port the computer is connected to, flipping it into a quarantine VLAN, or just sending the user an email letting them know their machine probably has a virus.

    Example 2: You have a Snort box that alerts on SSH connections from the Internet to some of your internal hosts. You know that SSH brute-force attacks are prevalent, as every day your logs show thousands of login attempts from many machines on the Net. You configure Privateye such that if any external host (to your network) attempts more than 5 SSH logins in a minute, Privateye will run an external action that blocks the offending host from accessing your network for 2 hours at your firewall. If, when the 2 hours is up, they return, they'll then be blocked from accessing your network for 4 hours. Wash, rinse, repeat.

    - Adam
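
The trigger in "Example 2" above (more than 5 SSH logins in a minute, then a firewall block of 2 hours that doubles on each repeat), sketched as an added example that is not part of the original thread and is not Privateye's code. The alert-line format `<epoch> <source-ip> <event>`, the class and function names, and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60            # seconds: "in a minute"
THRESHOLD = 5          # "more than 5 SSH logins" -> the 6th attempt triggers
BASE_BLOCK = 2 * 3600  # first block lasts 2 hours, then 4, 8, ...


class EscalatingBlocker:
    """Sliding-window counter per source IP with doubling block durations."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD, base_block=BASE_BLOCK):
        self.window = window
        self.threshold = threshold
        self.base_block = base_block
        self.attempts = defaultdict(deque)  # ip -> recent attempt timestamps
        self.offences = defaultdict(int)    # ip -> number of blocks so far
        self.blocked_until = {}             # ip -> epoch when the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def observe(self, ip, ts):
        """Feed one alert. Returns the block duration in seconds if this
        alert triggers a new block, otherwise None."""
        if self.is_blocked(ip, ts):
            return None  # already blocked at the firewall; nothing new to do
        recent = self.attempts[ip]
        recent.append(ts)
        # Drop attempts that have fallen out of the sliding window.
        while recent and recent[0] <= ts - self.window:
            recent.popleft()
        if len(recent) > self.threshold:
            duration = self.base_block * 2 ** self.offences[ip]
            self.offences[ip] += 1
            self.blocked_until[ip] = ts + duration
            recent.clear()
            return duration
        return None


def replay(lines, blocker=None):
    """Parse constructed alert lines and return [(ts, ip, block_seconds), ...]
    for every block that would have been issued."""
    blocker = blocker or EscalatingBlocker()
    actions = []
    parsed = []
    for line in lines:
        ts, ip, event = line.split()
        if event == "ssh-login":
            parsed.append((int(ts), ip))
    for ts, ip in sorted(parsed):
        duration = blocker.observe(ip, ts)
        if duration is not None:
            # A real deployment would call its firewall script here.
            actions.append((ts, ip, duration))
    return actions


# Constructed sample alerts (documentation address ranges, relative timestamps).
SAMPLE_ALERTS = (
    [f"{t} 203.0.113.7 ssh-login" for t in (0, 5, 10, 15, 20, 25)]      # burst 1
    + ["100 203.0.113.7 ssh-login"]                                     # while blocked
    + [f"{t} 198.51.100.20 ssh-login" for t in (30, 200, 4000)]         # slow, benign
    + [f"{t} 203.0.113.7 ssh-login" for t in range(7300, 7330, 5)]      # returns after 2h
)

if __name__ == "__main__":
    for ts, ip, duration in replay(SAMPLE_ALERTS):
        print(f"t={ts}: block {ip} for {duration // 3600}h")
```
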
  • by spun ( 1352 ) <loverevolutionar ... m ['oo.' in gap]> on Wednesday May 17, 2006 @12:09PM (#15351589) Journal
    Catchall accounts are so much fun when a spammer decides to phonebook your site., Abby.Adams@,,,, and so forth, just send email to and some are bound to get through, right? One of my clients got 40-50 thousand emails in one day this way.
  • by Chr0nik ( 928538 ) on Wednesday May 17, 2006 @12:14PM (#15351645)
    I agree. However it has to be distributed via P2P networks or some other such arrangement. It could even be distributed by the app itself, asking upon install if the user is willing to be a distro point. Also if it is willing to house a portion of the db. Kind of like the "supernode" concept. Completely distributed. Either that, or force those options, so that no single client can attract more attention from the spammers than any other.

    However, I don't think it should simply send "opt out" emails, but other attacks on the spammers as well, activating with the screen saver of said computers. No more Mr. Nice antispam. The problem with spamnuker@home would be that on large networks it could interfere with the network connection of people who were not part of the project. This would be strictly for people on home networks, and admins would need policies in place that forbade the use of it, but that would be as simple as the seti@home stuff to prevent.

    The problem would be getting the word out without having standard marketing abilities, like a web site to download from, etc. There are simply too many low skilled computer users that could never benefit from it because they have no idea how to safely use a p2p system. It would be a slow growth. But once the network was large enough, it would be crushing force to spammers.
  • by MountainLogic ( 92466 ) on Wednesday May 17, 2006 @12:18PM (#15351681) Homepage
    The other co-dependent in spam are the credit card companies. They make a killing off of the transactions. If VISA were to pull the plug on any company that allows their account to be used by spammers we would see an instant end to spam. Call up your bank and ask why they allow their visa accounts to be used for spam.

    There is a simple way for the states to end spam. Require a 1 year period for any person who buys something from a spam message to get their money back---for any reason. The banks would not be willing to be on the hook for this so you would see the end of accounts to spammers.

  • Fine, I'm happy for you. You obviously don't own an active domain, or a business. Because otherwise I could guarantee that it gets to be a problem for you.

    I do both (well, I work for a guy who owns a business), but neither my home account nor my coworkers' inboxes get nontrivial amounts of spam. I've written instructions on how I did it, and if you follow them, you can probably get rid of your spam problem as well.

    It's not easy if you're J. Random Enduser, but any qualified system administrator should be able to take the steps needed to win back control of his servers. You can choose to do this - with today's software - if you're willing to exert a modest amount of effort.

  • by igb ( 28052 ) on Wednesday May 17, 2006 @12:37PM (#15351834)
    The problem is that a couple of hundred big time spammers are getting rich by shitting into the communal water supply!
    I find the whole spam thing quite fascinating.

    Firstly, I'm fascinated by where the money comes from. It's taken as axiomatic that spammers get rich because they're paid by unspecified end customers. But all the spam I've seen is for hopeless, obvious scams: are the perpetrators of such scams making so much money they can afford to pay top dollar to spam stupid people? Perhaps they can, because spam paradoxically will preferentially get through to idiots. But are the end users of the spam still making money, even after paying the spammers?

    But secondly, I'm fascinated by the logic of spammers. I can see why you'd want to get your spam in front of potential marks, and people too stupid to filter are likely to be just the ticket. But why all the effort to get through filters, when you're only going to be sending mail to people who aren't stupid enough to respond anyway?

    So I think spam has become an end in itself. Spammers send more spam because that's what they do, and the return on it has become secondary. The people that pay spammers pay them to send spam because it worked in the past. But they'd all probably make more money working.

    Readers are referred to Freakonomics' chapter on how little money drug dealers make for further examples.


  • Re:Can I just say... (Score:3, Interesting)

    by mogrify ( 828588 ) on Wednesday May 17, 2006 @12:37PM (#15351835) Homepage

    Well, sure - it's an escalation, there's no doubt about that... but I'm game anyway, and I bet a lot of other people are too. Here's the thing:

    Blue users are generally security-conscious. They probably use various antivirus technologies already, and can spot social-engineering techniques a mile away. Most ISPs and webmail providers provide automatic virus scanning anyway, and some ISPs provide a free copy of AV software. So there would be many Blue users who would be confident of weathering a storm of virus-infected email.

    So, why not ask them? It's an active community with a lot of communication channels. Why not explain the risks to Blue users and require a new opt-in for the continued fight? Some would drop out, sure, but many (most?) would stay on. They joined to be proactive against the black hats. Why would they quit when it starts getting good?

    Which brings me to another point: the website is down. Completely down. The DNS resolves, but the server is off. This is not an appropriate way to go out. Sure, shut down the reporting service if that's your decision, but to bring down your homepage on short notice does a disservice to the loyalty of the Blue community. Where's the opportunity for discussion, for disseminating information? Even just a "<p>We're closing our doors. Thanks for all the fish.</p>" would be better than this.

    I don't know. I don't agree with how this is being handled; it seems unprofessional and defeatist. And basically just disappointing.

  • by visgoth ( 613861 ) on Wednesday May 17, 2006 @12:49PM (#15351916)
    Pin a medal on their chests! That's one less piece of shit filling my inbox.
  • Re:Third Choice? (Score:2, Interesting)

    by Ponga ( 934481 ) on Wednesday May 17, 2006 @12:52PM (#15351931)
    Yep. Greylisting rocks, no doubt about it. However, the party might be over my friend. I am seeing more and more spam these days because more and more hosts (zombies, open relays, etc.) are retrying with legit reverse PTR records. That's to say, more and more spam bots are getting wise to the idea, and acting more and more like legitimate SMTP servers.
    That is not good news for those of us that use greylisting.
    Have you noticed any increase yourself? I've been greylisting for about 2 years now. Just over the last couple months have I noticed the increase...
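
The greylisting behaviour discussed in this comment and in the earlier graylisting comment, as an added example that is not part of the original thread: first-seen (client IP, sender, recipient) triplets are deferred, a retry after a minimum delay is accepted, and whitelisted sender domains skip the delay. The delay values, the class and function names, and the sample senders are assumptions constructed for illustration.

```python
ACCEPT = "accept"
DEFER = "defer"   # an SMTP server would answer with a temporary 4xx failure


class Greylist:
    def __init__(self, min_delay=300, retry_window=24 * 3600, whitelist=()):
        self.min_delay = min_delay        # retries sooner than this are deferred again
        self.retry_window = retry_window  # a retry later than this starts over
        self.whitelist = {d.lower() for d in whitelist}  # sender domains
        self.first_seen = {}              # triplet -> time of first attempt
        self.passed = set()               # triplets that have already retried properly

    def check(self, client_ip, mail_from, rcpt_to, now):
        domain = mail_from.rsplit("@", 1)[-1].lower()
        if domain in self.whitelist:
            return ACCEPT
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now
            return DEFER
        if now - first < self.min_delay:
            return DEFER
        self.passed.add(key)
        return ACCEPT


def deliver(greylist, client_ip, mail_from, rcpt_to, start, retry_offsets):
    """Simulate a sending host that tries at `start` and then at each offset
    (seconds after start). Returns the delivery delay in seconds, or None
    if the message is never accepted."""
    for offset in [0, *retry_offsets]:
        if greylist.check(client_ip, mail_from, rcpt_to, start + offset) == ACCEPT:
            return offset
    return None


def simulate():
    """Run four constructed senders against one greylist instance."""
    gl = Greylist(whitelist={"slow-partner.example"})
    rcpt = "user@mail.example"
    return {
        # Ordinary MTA: queues the message and retries after 15 minutes.
        "normal_mta": deliver(gl, "192.0.2.10", "alice@corp.example", rcpt,
                              0, [900, 1800]),
        # Legitimate MTA with a long retry interval: mail arrives hours late.
        "slow_mta": deliver(gl, "192.0.2.20", "news@lists.example", rcpt,
                            0, [3 * 3600]),
        # Same kind of slow sender, but its domain is whitelisted.
        "slow_mta_whitelisted": deliver(gl, "192.0.2.30",
                                        "billing@slow-partner.example", rcpt,
                                        0, [3 * 3600]),
        # Fire-and-forget spam bot: never retries, never gets through.
        "bot_no_retry": deliver(gl, "198.51.100.5", "x@spam.example", rcpt,
                                0, []),
        # Bot that behaves like a real MTA and retries: greylisting alone
        # does not stop it, which is the trend described above.
        "bot_with_retry": deliver(gl, "198.51.100.6", "y@spam.example", rcpt,
                                  0, [60, 600]),
    }


if __name__ == "__main__":
    for name, delay in simulate().items():
        print(f"{name:22s} -> {'never delivered' if delay is None else f'{delay}s'}")
```
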
  • by Da_Weasel ( 458921 ) on Wednesday May 17, 2006 @01:14PM (#15352101)
    Can you say Russian Mafia? Can you imagine just how embarrassing closing up shop and calling it quits is for them after all of the PR over the last week. I can't imagine they called it quits just because they thought they would have to deal with more DDoSs...in fact they seemed to enjoy the fact that they got DDoSed.
  • by Tom ( 822 ) on Wednesday May 17, 2006 @03:07PM (#15353085) Homepage Journal
    Because these "spam kings" (ok, let's find a new, more acceptable phrase, like "spam dorks") tend to hide out in countries that either have a) no formalized relations with the US or other countries or b) countries that might be allies but will not let us simply go tromping through their country on the hunt for spammers.

    Wrong. Of the top 200 spammers, the vast majority is still located in the USofA.

    They aren't hiding in the least. We know who they are. But Bush & Co. don't get enough spam, apparently. Otherwise there'd be a tank in Alan Ralsky's garden and attack helicopters over Tony Banks' villa.

  • Next is Nagasaki (Score:3, Interesting)

    by Ungrounded Lightning ( 62228 ) on Wednesday May 17, 2006 @03:35PM (#15353325) Journal
    That's one. It will take at least two.

    (Given that the police are saying this one may be unrelated to spamming, it may take at least two MORE.)

    Hiroshima showed Japan that the US COULD make and deliver a nuclear bomb.

    The Japanese generals knew what it was, because they were working on one themselves. At that point, many of them thought the war was lost, and were prepared to surrender. But some of them argued that collecting and processing the necessary materials was such an effort that the US probably only HAD one and wouldn't have a second for a long time.

    Nagasaki showed Japan that we had more than one. This left open the possibility that the US might be able to keep this up - once a month, once a week, once a day, once an hour - until Japan was all rubble and slag. So enough of the rest threw in the towel, too, for Japan to submit without total loss of honor - and thus drastically cut the loss of life on both sides.

    A deterrent doesn't deter until there is reasonable expectation that it may occur. One dead spammer - who may be dead for other reasons than spamming - might make them think a little. But it will take at least two dead spammers - unambiguously dead because of their spamming - to provide enough datapoints for the intelligent among the pack to start including it in their cost-benefit analyses.

    Please note that I'm NOT advocating the wholesale and gory murder of spammers. I'm just noting that, if that DOES end up being the solution (or even a component of it), it won't be limited to one bloody corpse.
  • Re:Email is broken (Score:2, Interesting)

    by fredklein ( 532096 ) on Wednesday May 17, 2006 @09:01PM (#15355333)
    I have a simple, foolproof idea to help eliminate spam.

    Email certification.

    If you want to be able to send Certified Email (CE), you apply for Certification from the company that gives you internet connectivity. They check you out, and 'Certify' you as being a legitimate emailer (ie: not a spammer). Then, you generate a private/public key pair and give them the public one. In the headers of all your email, is their certification, and an encrypted header line that's created using your private key.

    When email arrives at the recipient's server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does, it marks the email as 'certified', if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.

    Due to the public/private key cryptography, there can be no certified email spoofing. (Assuming the private keys are secure, the keys are of decent length, etc.) All emails are traceable back to the originating server. CORRECTION- all CERTIFIED emails are traceable. Anonymous email is still possible. People can still set up email servers for mailing lists without "having" to get them certified. And people can still receive non-certified mail.

    If an email server sends out spam, the complaints go to its certifier. They can drop the certification, deleting the public key from their server. When this happens, ALL the email from the spamming server is now 'uncertified', and gets handled accordingly by email clients. If nothing is done, complaints go to THEIR upstream, etc. Individuals and groups can keep their own blacklists, if they wish, and anyone can choose to filter emails according to those lists.

    Now, I've looked over that 'form email' that people like to post to shoot down anti-spam ideas. And nothing applies to this idea. (If something seems to apply, it's because I either left out details, or explained something wrong.) This idea does NOT need to be universally adopted, nor does it need to be adopted by everyone all at once. It's primarily a way of reliably tracing (certified) emails back to their originating server. The anti-spam part comes later: if you receive certified spam, complain and get the server un-certified. If you receive un-certified spam... well, just have your email client dump all uncertified emails in the trash. (Not necessarily, you could just use its un-certifiedness as a factor in filtering your email.)

    This idea does not require anything be changed with SMTP. It simply requires a second connection be made to the certifying server. Now, before you bitch about the extra bandwidth, I'd like to remind you that, once this idea catches on, spam will be greatly reduced. This reduction will MORE than make up for the slight increase in bandwidth created in querying the certifying servers. Also, the certifying servers can set time limits on when the certifications expire, and need to be re-downloaded (kind of like DHCP leases). A 'new' company that just applied for certification might have its certificate set to expire almost instantly. This way, every email they send requires a download of the certificate. This allows the certificate to be pulled rapidly if they start spamming. After a month or two, it could be set to expire weekly or monthly.

    To sum up: Email Certification is a reliable way of tracing the certified emails back to their originating server. This allows spammers to be identified unequivocally, and have their certification pulled. Email servers are NOT required to be certified, and anonymous email is still possible. Email recipients can, if they choose, set up their client to send uncertified emails to the trash, or to handle them however they wish. White lists and black lists are still possible. 'Hobby mailing lists' are still possible, certified or not. The extra bandwidth is minimal, and easily overshadowed by the reduction in spam being sent once spammers realize no one is even seeing, much less reading or replying to their spam.
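
The certification scheme proposed in the comment above, sketched as an added example (not part of the original post, and not code from any real mail system): a sender signs each message, the recipient fetches the sender's public key from the certifier, and cached keys expire after a certifier-chosen lifetime. Assumptions: the class and function names, the choice to sign sender plus body, and toy textbook RSA built from two Mersenne primes standing in for a real signature scheme.

```python
import hashlib

# Toy textbook RSA from two known Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537

def make_keypair():
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
    return (n, E), (n, d)               # (public, private)

def digest(sender, body, n):
    h = hashlib.sha256(f"{sender}\n{body}".encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(private, sender, body):
    """Sender side: the 'encrypted header line' made with the private key."""
    n, d = private
    return pow(digest(sender, body, n), d, n)

class Certifier:
    """Key server run by the connectivity provider (hypothetical interface)."""
    def __init__(self):
        self.keys = {}                  # sender -> (public key, ttl in seconds)
    def certify(self, sender, public, ttl):
        self.keys[sender] = (public, ttl)
    def revoke(self, sender):
        self.keys.pop(sender, None)
    def lookup(self, sender):
        return self.keys.get(sender)    # None if never certified or revoked

class Recipient:
    def __init__(self, certifier):
        self.certifier = certifier
        self.cache = {}                 # sender -> (public key, expires_at)
    def classify(self, sender, body, signature, now):
        cached = self.cache.get(sender)
        if cached is None or cached[1] <= now:      # missing or expired lease
            self.cache.pop(sender, None)
            entry = self.certifier.lookup(sender)   # the "second connection"
            if entry is None:
                return "uncertified"
            self.cache[sender] = (entry[0], now + entry[1])
        n, e = self.cache[sender][0]
        ok = signature is not None and pow(signature, e, n) == digest(sender, body, n)
        return "certified" if ok else "uncertified"
```

A revoked sender keeps verifying as certified until the recipient's cached copy of the key expires, which is why the comment gives newly certified senders a near-zero lifetime.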
