Spammers turn on antispam vigilantes

E-mail attacker says security firm is 'not playing fair'

An effort to force spammers to stop soliciting certain e-mail addresses went bad on Monday, after at least one spammer began sending large volumes of unsolicited e-mail to members of a "Do Not Spam" list run by Israeli firm Blue Security.

In recent days, e-mail users who had registered for Blue Security's "Do Not Intrude" list have instead been the target of a spam campaign and received extortion e-mail messages threatening to continue the campaigns unless the users remove their name from the Do Not Intrude registry, according to Blue Security CEO Eran Reshef.

The message claims that Blue Security is "not playing fair" and that members can only avoid spam messages by removing their name from the Blue Security list.

"You are receiving this email because you are a member of Blue Security," the message reads, in part. "Due to the tactics used by Blue Security, you will end up receiving this message, or other nonsensical spams 20-40 times more than you would normally."

Blue Security launched its "Do Not Intrude" list in November 2005. The company claims to have 500,000 registered e-mail addresses in its database, plus business relationships with other antispam firms.

The Do Not Intrude program allows individuals to register an e-mail address with Blue Security and tracks spam messages with desktop client software known as "Blue Frog." When spam e-mail is sent to a Do Not Intrude Member, Blue Security traces the message to its origin and then bombards the Web site behind the campaign, known as the "sponsor," with requests to remove the e-mail message from his or her distribution lists. Millions of e-mail messages translate into millions of "opt out" requests, bogging down the spammers' servers.

The spam campaign is a sign of Blue Security's success and an act of frustration by a major spammer based in Russia, Reshef said.

"It's one of the top spammers. We're not sure which one at this point, but six of the top 10 are complying with [Blue Security], so it's one of the remaining four," Reshef said.

Blue Security's growth in recent months has forced major spam operations in Russia to stop sending to Blue Security members, Reshef claims. Those Russian spammers account for around 25% of the 4.5 million e-mails Blue Security receives each week.

"We've reached an inflection point," Reshef said.

Reshef claims that the spam campaign did not reach all Blue Security's Do Not Intrude members. Contrary to some reports, the Do Not Intrude database was not breached, and members' e-mails are not at risk.

Instead, one spammer compared the scrubbed and actual e-mail list to derive the addresses of Do Not Intrude members, and then began targeting them, Reshef said.

An attack also took Blue Security's Web page off-line in the past two days; Reshef believes that attack is related to the spam campaign against Do Not Intrude members, although the company is still researching the problem.

Blue Security hopes to have its Web site back up soon, and Reshef said it is undeterred by the attack on its members.

"This is a sign that [Do Not Intrude] is working. We've finally created something that spammers actually care about," Reshef said.

This story, "Spammers turn on antispam vigilantes" was originally published by InfoWorld.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon