despaminator

Blue security

Hi gang, it's been quite a while! Looks like big changes.

Between motorcycles, moving, and my new addiction, kart racing, I've kept myself damn busy and just let my filters do the dirty work.

Just heard about Blue Security, and they look a little hinky. Quite a few spammy red flags went up as I checked out their stuff. I did not find any recognizable endorsements.

Thought I'd poke around in here to find a second opinion. I did a search and did not get any hits for blue security or even blue.

Anyone got any data on them?

www.bluesecurity.com

RickB

Looks to me like they are spammers themselves:

Hi Merlyn, LTNS!

Here's a link to a discussion I started in NANAE.... it went off on a few tangents, but it seems that other than one person, the general consensus was that Blue Frog's DDOS against a spammer is nothing more than fighting abuse with abuse (not condoned by the "general" anti-spam cmty).

http://groups.google.com/group/news.admin....ad6d4dedc?tvc=1

:ph34r:

There's also a discussion on /.: http://it.slashdot.org/it/05/07/18/1214226.shtml?tid=111

And on BS's own blog: http://community.bluesecurity.com/webx?14[at]..scloc=.3c3e9cf1


And a bit of an updated blurb ..... Spamware vendor integrates anti-spam service ....

Send-Safe, a notorious developer of spamming software, has updated its program to include a remove-list feature from the controversial Blue Security anti-spam service.

The latest build (803) of the Send-Safe Mailer v2.20b includes an option designed to prevent spammers from sending messages to any of the 245,000-plus e-mail addresses registered with the Blue Security "Do Not Intrude" registry.

. . .

Prior to this development, Blue Security was seen by many spammers as purely antagonistic, since the service is designed to post complaints in the order forms of sites advertised in spams received by Blue Security members. Now, Send-Safe has given Blue a stamp of legitimacy from the spam world.

On the other hand, I doubt this integration will do much to improve Blue Security's standing among some leading anti-spammers. The whole notion of remove lists is anathema to ardent supporters of opt-in email. Blue Security, they might argue, is ultimately just providing a free list-washing service to spammers.

To save wear and tear, Blue Security was also mentioned in the following Topics:

http://forum.spamcop.net/forums/index.php?showtopic=5004

http://forum.spamcop.net/forums/index.php?showtopic=5736


Here's a lovely spam message I received today regarding Blue Security:

Return-Path: <SeymourouOYQQ2S[at]albedo.net>
Delivered-To: X
Received: (qmail 27099 invoked from network); 2 May 2006 08:42:58 -0000
X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade2.cesmail.net
X-spam-Level: 
X-spam-Status: hits=0.0 tests=UNPARSEABLE_RELAY version=3.1.1
Received: from unknown (192.168.1.101)
  by blade2.cesmail.net with QMQP; 2 May 2006 08:42:58 -0000
Received: from rwcrmxc21.comcast.net (204.127.198.47)
  by mailgate.cesmail.net with SMTP; 2 May 2006 08:42:58 -0000
Received: from comcast.net (failure[218.81.245.233](untrusted sender))
          by rwcrmxc21.comcast.net (rwcrmxc21) with SMTP
          id <20060502084256r2100i4t08e>; Tue, 2 May 2006 08:42:57 +0000
X-Originating-IP: [218.81.245.233]
Received: from  cluster.uk 
	by recalcitrant.barnett.net (Qostfix) with ESMTP id AB56EC589E
	for <biodeveSeymourouOYQQ2S[at]albedo.net>; Tue, 2 May 2006 08:40:54 -0400
Message-Id: <brassy.sermon[at]supposition.com>
From: "Seymour Funk" <SeymourouOYQQ2S[at]albedo.net>
Date: Tue, 2 May 2006 08:38:32 -0400
To: X
Subject: iceland ayers
X-SpamCop-Checked: 192.168.1.101 204.127.198.47 218.81.245.233 


*SNIP*
Hey,

You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).

You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.

How do you make it stop?

Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again.

We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.

By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.

Why are we doing this?

Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.
Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.

If BlueSecurity decides to play fair, we will do the same.

We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite suprised.

If you have another email under the protection of bluesecurity, and have not recieved this there, do not worry, you will soon enough.

We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user.

You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down..

Just remove yourself from BlueSecurity, and make it easier on you.

Seymour Funk
*SNIP*

Comical.. I even got some bounces from this spammer using my address to promote the DDoS attacks:

*SNIP*
Subject: Delivery Status Notification
To: x
Date: Tue, 2 May 2006 11:14:23 +0200
Message-ID: <4405CA9704E94738[at]vsmtp22.tin.it>
X-CP-Transaction-ID: 4405CA9704E9472A
X-CP-For: domenicrag[at]virgilio.it
MIME-Version: 1.0
Content-Type: Multipart/Report; report-type=delivery-status; boundary="========/4405CA9704E9472A/vsmtp22.tin.it"
X-SpamCop-Checked: 192.168.1.103 63.240.76.51 212.216.176.131 
X-SpamCop-Disposition: Blocked dnsbl.sorbs.net

This multi-part MIME message contains a Delivery Status Notification.
If you can see this text, your mail client may not be able to understand MIME
formatted messages or DSNs (see RFC 2045 through 2049 for general MIME
information and RFC 1891 through 1894 for DSN specific information).

--========/4405CA9704E9472A/vsmtp22.tin.it
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

 - These recipients of your message have been processed by the mail server:
domenicorinaldi[at]virgilio.it; Failed; 5.2.2 (mailbox full)

    Remote MTA ims1b.cp.tin.it: SMTP diagnostic: 552 RCPT TO:<domenicorinaldi[at]virgilio.it> Mailbox disk quota exceeded

domenicosavino1[at]virgilio.it; Failed; 5.2.2 (mailbox full)

    Remote MTA ims1b.cp.tin.it: SMTP diagnostic: 552 RCPT TO:<domenicosavino1[at]virgilio.it> Mailbox disk quota exceeded

domenicoviti[at]virgilio.it; Failed; 5.2.2 (mailbox full)

    Remote MTA ims1b.cp.tin.it: SMTP diagnostic: 552 RCPT TO:<domenicoviti[at]virgilio.it> Mailbox disk quota exceeded

domenicrag[at]virgilio.it; Failed; 5.2.2 (mailbox full)

    Remote MTA ims1b.cp.tin.it: SMTP diagnostic: 552 RCPT TO:<domenicrag[at]virgilio.it> Mailbox disk quota exceeded



*SNIP*

--========/4405CA9704E9472A/vsmtp22.tin.it
Content-Type: Text/RFC822-headers

Return-Path: <x>
Received: from comcast.net (212.58.205.134) by vsmtp22.tin.it (7.2.072.1)
        id 4405CA9704E9472A; Tue, 2 May 2006 11:14:23 +0200
Message-ID: <867B9E4E.1469F41[at]comcast.net>
Date: Tue, 02 May 2006 14:51:52 +0400
Reply-To: "BlueFrog member" <x>
From: "BlueFrog member" <x>
MIME-Version: 1.0
To: <domenicorinaldi[at]virgilio.it>
Subject: FW:Prevent spam, by participying is a DDOS attacks against spam sites
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 8bit


--========/4405CA9704E9472A/vsmtp22.tin.it--
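
The bounces quoted in this post are backscatter: delivery failures for mail that someone else sent under a forged sender address. As an added example (not part of the original post), the Python below pulls the returned headers out of such a DSN and checks whether the IP that handed the message to the bouncing server belongs to your own outbound relays. `OUR_OUTBOUND`, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: networks our own outbound relays send from (documentation range).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed bounce, shaped like the DSN quoted in the post (all values made up).
SAMPLE_DSN = """\
From: postmaster@mx.example.net
To: victim@example.org
Subject: Delivery Status Notification
MIME-Version: 1.0
Content-Type: Multipart/Report; report-type=delivery-status; boundary="=_b1"

--=_b1
Content-Type: text/plain; charset=us-ascii

someone@example.net; Failed; 5.2.2 (mailbox full)

--=_b1
Content-Type: Text/RFC822-headers

Return-Path: <victim@example.org>
Received: from example.org (203.0.113.77) by mx.example.net
        id 4405CA97; Tue, 2 May 2006 11:14:23 +0200
Message-ID: <constructed.1@example.org>
From: "BlueFrog member" <victim@example.org>
To: <someone@example.net>
Subject: constructed subject

--=_b1--
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def returned_headers(dsn):
    """Headers of the bounced message as carried in a DSN, or None."""
    if dsn.get_content_type() != "multipart/report":
        return None
    for part in dsn.iter_parts():
        ctype = part.get_content_type()  # lower-cased by the parser
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if ctype == "message/rfc822":  # some MTAs return the whole message
            return part.get_payload(0)
    return None


def handoff_ip(original):
    """IP the bouncing side recorded in the newest (topmost) Received line."""
    received = original.get_all("Received") or []
    match = IP_RE.search(str(received[0])) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None


def classify(raw):
    """Return (verdict, ip) for one raw bounce message."""
    dsn = email.message_from_string(raw, policy=policy.default)
    original = returned_headers(dsn)
    if original is None:
        return ("not-a-dsn", None)
    ip = handoff_ip(original)
    if ip is None:
        return ("unknown", None)
    ours = any(ip in net for net in OUR_OUTBOUND)
    return ("genuine-bounce" if ours else "backscatter", ip)


if __name__ == "__main__":
    print(classify(SAMPLE_DSN))
```

The topmost `Received` line in the returned headers is written by the server that generated the bounce, so it is the only hop in that chain the forger did not control.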

Many of their users reported good results with spam levels falling to a trickle but I saw a 50% increase. I don't attribute that to being a Blue Security member but that being a member had no effect in decreasing my spam and it would have increased by 50% anyway.

Within 48 hours of several versions of the above mails being sent their websites crawled to a halt, disappeared, reappeared briefly and then disappeared again. Coincidence? Their Blue Frog software is currently running on my PC but unable to contact Blue Security for opt-out instructions. I have searched the web for news about what may have happened but have found nothing so far.

I've wasted too much time on them now and will again be reporting to Spamcop, my spam may still not decrease but my trust level is higher as I have a much better understanding of the whole process.


I tried them just for sh*ts and giggles, but honestly saw zero reduction in spam. Though I don't see how the software ever would have done that in the first place: The site sends 'opt-out' requests to the spamvertized site, in hopes of jamming it up or DDoSing it, but that's not going to take my email address off the list that the spammer has. I always thought of it as a F- YOU to the spammers, nothing more.

> ... but unable to contact Blue Security for opt-out instructions. I have searched the web for news about what may have happened but have found nothing so far....

Thought I raised them - but no luck for me either. Did get Blue Frog after 3 tries at what should be a quiet hour. Both sites use Tucows NS, currently no news about problems.

Edited by Farelf


I assume everyone is by now aware of the recent DDoS attack on Blue Security:

Recent Commentary

I wonder if anyone else here was deluged with spammer threats ...joe job against BS and the like since that war started... Seems the spammer behind it ran his list against BS and found me there, I must have got a few hundred spams from the Russian viagra spammer behind the attack.. I reported them here obviously, maybe it did some good, another spammer is down...

Starting Monday, May 1st, the Blue Community has been the target of a criminal spammer. This criminal spammer, PharmaMaster, is attempting to deny our community the right to opt-out from his spam messages.

Aside from blackmail emails sent to community members, there were two separate attacks on Blue Security itself. The first attack was to block worldwide access to Blue Security's corporate website (www.bluesecurity.com) by tampering with the Internet backbone using a technique called "Blackhole Filtering". The Second attack was a DDoS attack on Blue Security's operational system.

Blue Security's view

How many more out there? I am ready to take them on...

Moderator Edit: Merged this 'new' Topic/Post into this existing discussion about the same parties ....

Edited by dra007


spamcop newsgroup has some recent traffic, citing slash_dot and digg ... and of course dragging in NANAE, some other web-sures, some BS recent tactics to divert a DDoS that impacted an innocent party .. on and on ....

[spamCop-List] BlueSecurity/Blue Frog .. scroll down and "Sort by Thread" to grab the rest ....


I've received 2 more bounces from the spammer using my email address as the 'source'... looks like they are still pissed [at] Blue Security.

> I've received 2 more bounces from the spammer using my email address as the 'source'... looks like they are still pissed [at] Blue Security.

They must be. See below.

"Reshef also bragged of several recent wins over spammers, including one last week in which four major spam rings agreed to stop spamming Registry members. Together, the four are responsible for about 8 percent of the world's spam, Reshef claimed.

"Members have seen a sharp decline in spam just this last week, as these spammers, and others, cleaned their lists."

[http://www.techweb.com/wire/security/187002643]

This episode caught my attention when, on about May 4, incoming spam to my various e-mail inboxes dropped to 0. I dug back in old Techweb links to find out about this drama.

By the way, I'm getting less than one spam/day now. Even though I'm not a BlueFrogger.

I wouldn't mind the commandos visiting Russia's "pharma master!" What was the most recent estimate of time/wages/productivity losses?


Looks like they have members upset, non-members upset, their isp upset, spammers upset, anti-spammers upset and just about everyone else. What a way to do business. Kinda like a turd on a rose, looks good but still smells.


I use them and I am happy they are making a dent in the spammer's business...They did reduce some of my spam. Spamcop never made a difference to me because I cannot use their filters, I still like to report here and keep a membership because I see anything that puts a load on spammers as positive..

If we are to take back the Internet from this criminal scum who fill our e-mail boxes with their unwanted junk, we gotta put a common front and support antispam actions...

I have looked at the pros and cons of Blue Security. Obviously they are getting the attention of spammers, and that's a good thing...


I use the Spamcop filter on our server and I am glad we do as it makes a big dent in our spam load. As for BS well, I always thought that anti-spammers were for the most part very reputable persons. BS's way of operating is to fight fire with fire, just because they are spammers this makes our operating model OK. That right there should be throwing up flags but then when they did their recent bout with the ddos attack and brought down their provider with their tactics shows me their true colors. Maybe I am old fashioned but I will not bow to the spammers tactics. There is a right way and a wrong way to do things and BS is definitely the wrong way to do it. They are as bad as the spammers.

Edited by Merlyn


I agree with Merlyn that there is a right way and a wrong way to do things. If the internet is to continue to be useful for email, then any action that disrupts it should not be condoned.

One of the special characteristics of the Internet is the availability to all with no censorship. Condoning disruptive actions because the 'cause' is good just makes it more difficult to restrict the same behavior when one doesn't believe in the 'cause'.

IOW, the ends don't justify the means.

Miss Betsy


The good news is that Blue Security's membership has grown 11% since the attack last week. Seems like it ended up generating a lot of good PR and outraging enough people who are looking for an effective way to fight spam.

Edited by dra007

> <snip>
>
> IOW, the ends don't justify the means.

...Then just what does justify the means?

...ITYM "the ends don't justify all means." :) <g>


Honestly, I don't expect Blue Security to do a damn thing to the amount of spam I receive, but I DO think that the software is designed to overload the spammers' sites, POSSIBLY raising an alarm or two for the IP owners they've jacked and most certainly forcing them to move around a lot.


> Honestly, I don't expect Blue Security to do a damn thing to the amount of spam I receive, but I DO think that the software is designed to overload the spammers' sites, POSSIBLY raising an alarm or two for the IP owners they've jacked and most certainly forcing them to move around a lot.

Blue Security analyzes reported spam manually (some automated sorting of course) and categorizes it. Illegal contents get reported to appropriate authorities (FTC, Interpol, McAfee etc)

Spamvertized sites get treated in accordance with CAN-SPAM Act. Owner is contacted, and asked to clean their spammer address list of Blue Sec's opt-out list. This is CAN-SPAM in practice. If spamvertized web site complies with this law, within 10 days (see the Act) no further action. If spamvertizer breaks that law, and spam reports detect continued violations of the law, Blue Sec carefully schedules a further enactment of the consumer rights as specified under the CAN-SPAM Act - the right to opt out. Blue Sec activates an automated opt-out request from several user sites. The CAN-SPAM opt-out goes to the web site, finds a feedback or order form, and fills it in with text requesting the spammer cleans their list with Blue Sec's membership opt-out list. This is again in full compliance with the law.

This process is carefully engineered with built in timer delays to reduce the load on the site, since the objective is to fill in the forms. The spammers have tried to label this implementation of the CAN-SPAM Act as a DDOS attack. Nice try, no cigar.

Blue Security's approach is totally legal and ethical. No activity is undertaken with any spammer whose mail is legal and CAN-SPAM Act compliant (ie not forged sender, opt-out link that works). Many Blue Security members are also Spamcop reporters. The two systems are complementary. Spamcop goes after the sources of the spam. Blue Security goes after the beneficiaries of the spam, and reports illegality of the contents to authorities and affected parties.

Personally, I would have expected Spamcop members to be better informed in this forum about how Blue Security actually functions. For some more helpful background, please view an independent analysis by Marcus Ranum http://www.bluesecurity.com/technology/overview.asp


Well said, and that is exactly why I think using Blue Security is worthwhile. Spamcop has little or no functionality when it comes to webadvertised sites, it also saves me the time I used to spend reporting to law enforcement agencies...

The massive attack they suffered and still try to recover from is proof they are a big thorn in spammers' behinds ...So I keep my fingers crossed they will come back stronger.


> <snip>
>
> Personally, I would have expected Spamcop members to be better informed in this forum about how Blue Security actually functions. For some more helpful background, please view an independent analysis by Marcus Ranum http://www.bluesecurity.com/technology/overview.asp

Some anti-spammers have a bias against opt-out lists on principle. If I didn't request it, then I shouldn't have to opt-out. In fact, the only way to 'opt-out' of even legitimate advertising email would be an automated system since if unsolicited email was allowed, there would be too much to deal with manually.

If they are not 'jamming' spamvertized sites with opt-out requests, then one could argue that they are doing a service by reporting non CAN-SPAM compliant email to appropriate authorities. And those who use it should get listwashed from some spammer lists.

Essentially, it is a listwashing service, however. Some people may, as long as it does not fight fire with fire by jamming spamvertized sites, think that's ok. In discussions about whether to mung or not mung, some people felt that if their email address was listwashed from some spammer lists, that was ok since it didn't make an actual dent in the amount of spam. They guessed that once it was listwashed from one list, it was then sold as an 'active' email address to another spammer. Others figure that whatever causes the spammers extra work is a good thing.

Most server admins find that using various blocking lists works really well to prevent spam. They are not interested in listwashing and most of them are probably against it on principle. That's probably why the many spamcop reporters who are admins are not interested in Blue Security - even enough to research it carefully. I think the first response to the mention of Blue Security was on the lines of 'I took a look around and I didn't like what I saw though it may not be a spammer operation.'

Basically, the only workable way of keeping spam out of one's inbox is filtering and confirmed subscription. Only incompetent or irresponsible ISPs and mailing list operators don't understand that at this point. Of course, if all ISPs enforced confirmed subscription and prevented trojans and all ISPs used blocking to alert competent ISPs and stop illegitimate email, then there would be no spam.

That's my explanation of why spamcop reporters are not enthusiastic about Blue Security.

Miss Betsy


We've only heard here from 2-4 SC users that are against BS. There are a lot more SC users posting positive things on BS blog!!

We will never hear from the silent majority, that, I suspect are using whatever resources they can get their hands on to combat spam. That includes SC and BS....

> That's my explanation of why spamcop reporters are not enthusiastic about Blue Security.

I think that should read either "some spamcop reporters" or "most spamcop reporters".

Using Blue Security has had little effect on my spam levels and I certainly cannot confirm the level of success that other users have quoted. The severity of the attack, it started two weeks ago, certainly points to an angry army of spammers retaliating so I'll continue to sit on the fence. It might work for some but not, so far, for me.

In any case I can't even remove my e-mail address from the DNIR until their website returns from its somewhat extended maintenance. :D
