By ANICK JESDANUN, AP Internet Writer
Escalating the war on spam, a California company wants to let
thousands of users collaborate to disable the Web sites spammers use
to sell their wares.
A leading anti-spam advocate, however, criticized Blue Security Inc.'s
Blue Frog initiative as being no more than a denial-of-service attack,
the technique hackers use to effectively shut down a Web site by
overwhelming it with fake traffic.
"It's the worst kind of vigilante approach," said John Levine, a board
member with the Coalition Against Unsolicited Commercial
E-mail. "Deliberate attacks against people's Web sites are illegal."
Levine recalled a screen saver program that the Web portal Lycos
Europe distributed briefly last year. The program was designed to
overwhelm sites identified by Lycos as selling products pitched in
spam.
Eran Reshef, Blue Security's founder and chief executive, denied any
wrongdoing, saying Blue Frog was merely empowering users to
collectively make complaints they otherwise would have sent
individually.
Here's how the technique works:
_When users add e-mail addresses to a "do-not-spam" list, Blue
Security creates additional addresses, known as honeypots, designed to
do nothing but attract spam.
_If a honeypot receives spam, Blue Security tries to warn the
spammer. Then it triggers the Blue Frog software on a user's computer
to send a complaint automatically.
_Thousands complaining at once will knock out a Web site and thus
encourage spammers to stop sending e-mail to the "do-not-spam" list.
Reshef acknowledges that the technique only works if enough users --
say, 100,000 -- join. The program is initially free, but Reshef said
Blue Security might eventually charge new users.
Copyright 2005 The Associated Press.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. See a continuous stream of new headlines from our
wire service at http://telecom-digest.org/td-extra/TDNewsradio.html
Updates every minute or two, around the clock.
[TELECOM Digest Editor's Note: So John Levine terms attempts to
disable spammers as 'illegal and the worst kind of vigilante
approach'. My, oh my, I really bleed for the spammers. I wonder why his
complaints are not leveled instead at the spammers who try repeatedly
to shut down this site and many others because of the volume of spam
they send out? Why is that, John? I suggested to John I would start
using a 'challenge system' where each _legitimate_ writer to the
Digest was asked _once_ to type in some message they saw on their
screen which would show themselves to be approved, then at some
unannounced future time everyone who had not 'accepted the challenge'
would be trashed. John's response to me was he would cut off Digest
mail entirely if I started challenging. He said a challenge system
would 'cause too much extra email to go back and forth.' But somehow
my auto-ack (which I _flatly refuse_ to do away with) does not cause
'too much extra mail to go out'? He had no answer for that, or none
that he would share with me. I think John has been hanging around too
much with the ICANN fools, going to their expensive and elaborate
vacations in Argentina and Europe.
Because of my administrative ability to deposit good, serious files in
the archives directly via email as desired, spammers/scammers now get
in there as well. I go in the archives each day or three to clean out
where they have defaced the archives, as well as the tons of spam
which get sent via email to this address. I guess I could shut down
that email backdoor, and probably I should not complain since it is
okay for spammers to shut down (or deface badly) our archives, but it
is not okay for me to join with others in shutting down spammer's web
sites? Is that what John is saying? It is not okay to adopt a very
simple challenge system in order to be assured that real human beings,
no matter how whacky some of their ideas are reach the Digest but the
spammers do not? Is that the way it should be? Out of self-defense,
no more, no less, I login here and immediatly go to the spam mail box
and do a general clean out without even reviewing it at all. I know
now and then as a result I lose good mail as well. Why does ICANN and
their buddies in essence give spammers and scammers free run of the
net while the rest of us are not being allowed to do the same? Is it
because ICANN really wants to see the net as just a commercial thing
with no small insignificant users like myself left here any longer?
Some of you guys are so fond of telling us all the things that will
_not_ work to cure the spam problem, yet when _we_ tell you things
which will partly work, you threaten to ex-communicate us? As the
late Jack Benny phrased it, 'really, Mary ...' I should be so lucky.
PAT]
Anick Jesdanun (ap@telecom-digest.org)