TELECOM Digest OnLine - Sorted: Spammer Identifies 'Secure' Email Addresses From Blue Security


Spammer Identifies 'Secure' Email Addresses From Blue Security


Anick Jesdanun (ap@telecom-digest.org)
Sat, 13 May 2006 23:12:38 -0500

By ANICK JESDANUN
The Associated Press

NEW YORK -- One spammer has managed to identify e-mail addresses on a
"do-not-spam" list touted as secure, taking advantage of an obvious
flaw with such lists and prompting critics to wonder what took so
long.

Those who submitted their addresses to Blue Security Inc.'s Blue Frog
registry have been getting messages that threaten, among other things,
"nonsensical spams 20-40 times more than you would normally" get,
according to a copy provided by the company.

Blue Security described the spammer's tactics as "bullying" and
"extortion" as well as a sign the company's controversial anti-spam
tactics are working, annoying spammers enough to prompt such a
response.

Critics, however, say such lists are fundamentally flawed.

"Do-not-spam" registries work by encouraging users to submit their
e-mail addresses -- Blue Security says it has 450,000. Before sending
out a batch of messages, spammers are supposed to remove any addresses
appearing on such lists.

The lists are generally encrypted so spammers can't mine them for new
addresses. Instead, spammers run their lists through an identical
encryption algorithm, and the resulting fingerprints are
compared. Spammers can then remove any matches.

But John Levine, co-author of "Fighting Spam for Dummies," said
spammers merely have to run their lists, see what's been removed and
compare that with the original to find out the addresses on the
"do-not-spam" lists.

"It's only a surprise that it took this long," Levine said.

Eran Reshef, Blue Security's chief executive, said spammers must
already have the e-mail address to learn it is on the "do-not-spam"
list.

Blue Security has been criticized for what Levine calls its vigilante
approach. Users install software that sends complaints to spammers
automatically. Thousands complaining at once can knock out a Web site
and, the company says, encourage spammers to stop.

According the company, the spammer responded not only by threatening
users if they don't stop but also by making Blue Security's Web site
inaccessible outside Israel, where the company has major operations.

Copyright 2006 Associated Press

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html

For more news and headlines from Associated Press, please go to:
http://telecom-digest.org/td-extra/AP.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Jaikumar Vijaya: "Antispam Firm Blue Security Says Was Victim of Attack"
Go to Previous message: Canadian Press News Wire: "Ban on Cellphones in NYC Schools Causes Uproar Among Students, Parents"
TELECOM Digest: Home Page