
Blue Security Kicked While It's Down

Hours after anti-spam company Blue Security pulled the plug on its spam-fighting Blue Frog software and service, the spammers whose attack caused the company to wave the white flag have escalated their assault, knocking Blue Security's farewell message and thousands more Web sites offline.

Just before midnight ET, Blue Security posted a notice on its home page that it was bowing out of the anti-spam business due to concerted attacks against its Web site that took millions of other sites and blogs with it. Within minutes of that online posting, bluesecurity.com went down and remains inaccessible at the time of this writing.

According to information obtained by Security Fix, the reason is that the attackers were hellbent on taking down Blue Security's site again, but had trouble because the company had signed up with Prolexic, which specializes in protecting Web sites from "distributed denial-of-service" (DDoS) attacks.

These massive assaults harness the power of thousands of hacked PCs to swamp sites with so much bogus traffic that they can no longer accommodate legitimate visitors. Prolexic built its business catering to the sites most frequently targeted by DDoS extortion attacks -- chiefly, online gambling and betting houses. But the company also serves thousands of other businesses, including banks, insurance companies and online payment processors.

For the past nine hours, however, most of Prolexic's customers have been knocked offline by an attack that flanked its defenses. Turns out the attackers decided not to attack Prolexic, but rather UltraDNS, its main provider of domain name system (DNS) services. (DNS is what helps direct Internet traffic to its destination by translating human-readable domain names like "www.example.com" into numeric Internet addresses that are easier for computers to understand.)

UltraDNS is the authoritative DNS provider for all Web sites ending in ".org" and also markets its "DNS Shield" service designed to help sites defend against another, increasingly common type of DDoS -- one that targets weaknesses inherent in the DNS system. (Incidentally, UltraDNS was recently acquired by Neustar, which in turn is responsible for handling all ".biz" domain registrations, and for overseeing the nation's authoritative directory of telephone numbers.)

In this case, at least, it does not appear that the DNS Shield service worked as advertised. Earlier today, I spoke with Prolexic founder Barrett G. Lyon, who told me the attack on UltraDNS had knocked about 80 percent of his company's clients offline, or roughly 2,000 or so Web businesses. Most of those businesses also remain offline as of this writing.

According to Lyon, the unknown attackers hit a key portion of UltraDNS's network with a flood of spoofed DNS requests at a rate of around 4 to 5 gigabits per second, which is enough traffic to make just about any Web site on the Internet fall over (many Internet routers can handle only a few hundred megabits of traffic before they start to fail). But this was no normal DDoS attack -- it was a kind of DDoS on the DNS system that security experts say has become alarmingly more common over the past six to eight months.

Known as DNS amplification attacks or "reflected DNS attacks," these kinds of DDoS assaults increase the traffic hurled at a victim by orders of magnitude: each forged query is small, but the answer it provokes can be many times larger. In a nutshell, the attackers find a whole bunch of poorly configured DNS servers and use them to create and send spoofed DNS requests from systems they control to the DNS servers they want to cripple. Because the DNS requests appear to be coming from other trusted DNS servers, the target servers have trouble distinguishing regular, legitimate DNS lookups from ones sent by the attackers. Sustained for long enough, the attack overloads the victim's DNS servers with queries and knocks them out of commission.
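As an added example (not code from the original post, nor from Prolexic or UltraDNS), here is a small Python detector for the reflection pattern described above: it reads UDP flow records and flags hosts that receive DNS answers from many servers they never queried, reporting the ratio of bytes received to bytes sent. The log format, the addresses and the thresholds are assumptions constructed for the example.

```python
"""Spot DNS reflection/amplification patterns in UDP flow records.

Assumed record format (constructed for this example, not any real tool's output):
    "<src>:<sport> -> <dst>:<dport> <proto> <packets> <bytes>"
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    octets: int


def parse_flow(line: str) -> Flow:
    """Parse one record in the constructed format above."""
    left, right = line.split("->")
    src, sport = left.strip().rsplit(":", 1)
    dst_port, proto, packets, octets = right.split()
    dst, dport = dst_port.rsplit(":", 1)
    return Flow(src, int(sport), dst, int(dport), proto.lower(),
                int(packets), int(octets))


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse all records, skipping blank and '#' comment lines."""
    return [parse_flow(l) for l in lines
            if l.strip() and not l.lstrip().startswith("#")]


def find_reflection_victims(flows: Iterable[Flow],
                            min_reflectors: int = 3,
                            min_ratio: float = 10.0) -> Dict[str, dict]:
    """Return hosts that look like targets of reflected DNS traffic.

    A reflection victim receives DNS *responses* (UDP source port 53) from many
    distinct servers it never queried, or whose answers dwarf the queries it did
    send. UDP sport 53 is treated as a response and dport 53 as a query; an old
    resolver that still sends queries from port 53 would be misclassified.
    """
    responses: Dict[str, List[Flow]] = defaultdict(list)  # victim -> response flows
    queries: Dict[tuple, int] = defaultdict(int)          # (client, server) -> query bytes
    for f in flows:
        if f.proto != "udp":
            continue  # DNS over TCP cannot be reflected with a spoofed source
        if f.sport == DNS_PORT:
            responses[f.dst].append(f)
        elif f.dport == DNS_PORT:
            queries[(f.src, f.dst)] += f.octets

    verdicts: Dict[str, dict] = {}
    for victim, resp_flows in responses.items():
        reflectors = {f.src for f in resp_flows}
        unsolicited = {r for r in reflectors if queries.get((victim, r), 0) == 0}
        response_octets = sum(f.octets for f in resp_flows)
        query_octets = sum(queries.get((victim, r), 0) for r in reflectors)
        # Bytes received per byte sent; no queries at all means pure reflection.
        amplification = (response_octets / query_octets) if query_octets else float("inf")
        if len(reflectors) >= min_reflectors and amplification >= min_ratio:
            verdicts[victim] = {
                "reflectors": len(reflectors),
                "unsolicited_reflectors": len(unsolicited),
                "response_octets": response_octets,
                "query_octets": query_octets,
                "amplification": amplification,
            }
    return verdicts


# Constructed sample: one host doing normal lookups, one host being flooded
# with large answers from several servers, most of which it never queried.
SAMPLE_LOG = [
    "# client 198.51.100.7 resolves a few names normally",
    "198.51.100.7:40231 -> 192.0.2.53:53 udp 3 180",
    "192.0.2.53:53 -> 198.51.100.7:40231 udp 3 420",
    "# 203.0.113.10 sends a single small query...",
    "203.0.113.10:41000 -> 192.0.2.53:53 udp 1 60",
    "192.0.2.53:53 -> 203.0.113.10:41000 udp 1 140",
    "# ...but is hit with answers it never asked for, from four other servers",
    "192.0.2.11:53 -> 203.0.113.10:53 udp 400 1200000",
    "192.0.2.12:53 -> 203.0.113.10:53 udp 400 1200000",
    "192.0.2.13:53 -> 203.0.113.10:53 udp 400 1200000",
    "192.0.2.14:53 -> 203.0.113.10:53 udp 400 1200000",
    "# a TCP connection to port 53 is ignored by the UDP-only check",
    "10.9.8.7:52000 -> 192.0.2.53:53 tcp 1 70",
]


if __name__ == "__main__":
    for host, info in find_reflection_victims(parse_flows(SAMPLE_LOG)).items():
        print(host, info)
```

In the constructed sample only 203.0.113.10 is flagged: five servers answered it, four of them unsolicited, and it received about 80,000 bytes for every byte it sent.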

To put the raw power of DNS amplification into perspective, consider the attack that knocked Akamai offline in the summer of 2004. For anyone unfamiliar with this company, Akamai sells a rather pricey service that lets deep-pocketed companies like FedEx, Microsoft and Xerox mirror their Web site content at thousands of different online servers, making DDoS attacks against their sites extremely difficult.

Akamai was for a long time considered the gold standard until one day in June 2004, when a DDoS attack knocked the company's services offline for about an hour. Akamai never talked publicly about the specifics of the attack, but several sources close to the investigation told me later that the outage was the result of a carefully coordinated DNS amplification attack -- one that was stopped when the attackers decided they had made their point (which was no doubt to demonstrate to would-be buyers of their DDoS services that they could knock just about anyone off the face of the Web.)

So where am I going with all of this? Well, UltraDNS marketed its DNS Shield as a protection against exactly these same types of amplification attacks. Only in this case it doesn't appear to have worked -- though, to be fair I haven't heard UltraDNS's side of the story since they have yet to return my calls. No doubt they are busy putting out fires. At any rate, score another one for the spammers, I suppose.

Update, 7:46 p.m. ET: I heard back from Neustar. Their spokesperson, Elizabeth Penniman, declined to discuss anything about today's attacks, saying only that "we have a handle on the situation and continue to work with service providers to ensure the best possible level of service to our customers."

Update, 11:20 a.m. ET, May 23: This blog post incorrectly described the role of UltraDNS in the management of domain names ending in ".uk"; the authoritative DNS provider for ".uk" domains is Nominet. UltraDNS provides a secondary nameserver service for ".uk" domains, which enhances the reliability, scalability and performance of the top level domain.

By Brian Krebs |  May 17, 2006; 3:27 PM ET Latest Warnings

Comments

It still seems to me that the best way to put spammers out of business would be to charge everyone who sends an email a tenth of a cent for each email. It might be a technical problem to set up to do this, but would it not be worth the time and trouble?

Posted by: Jon Orloff | May 17, 2006 3:44 PM

Using no-spam lists is only partially effective. Spammers are resorting to more and more proxies that they have hijacked thanks to lax security on user home PCs. They are using these proxies to submit the spam mail, which renders no-spam lists or specific domain blocks superfluous.

As a network/security admin, I used to think that I could block mail from specific domains from my SMTP traffic, but it became an ongoing task just to keep adding more and more QDNS/IP's on that list. And over time, I have noticed that the spam was not coming from overseas, but originating from US ISP's that I can't block because I get legitimate business emails from those ISP's. I have to rely on mail scan heuristics to filter the mail and be cognizant that some legitimate emails can get caught up by such filters.

Any email solution will need to take into account the requirement for authenticating both the source and the destination PRIOR to delivery as part of its solution.

Posted by: TTP | May 17, 2006 3:48 PM

A few questions and comments:

(1) Would a fee for emails work? I thought the spammers use hijacked PCs to send out their spam. If so, the bill would go to an innocent party; i.e., the owner of the hacked PC.

(2) As for servers, I know home users of PCs are guilty of not taking protective measures. But server owners? I thought they were more sophisticated. Why are there so many compromised servers?

(3) Why not change the law to make the spammers' CLIENTS liable for their actions? Would this be enforceable? If it's not possible to trace the DDoS attacks to the spammers, is it possible to find their clients? Someone buys this service. If the spammers are in it for money and we take away their customers, wouldn't we be solving the problem?

(4) The NSA can do all this wonderful stuff with computers. Could they help ID the spammers? If we do find the real people behind this, we could send them to Abu Ghraib for some friendly discussions.

Posted by: George | May 17, 2006 4:09 PM

This should be a wakeup call to all of us, and especially to our governments. If this isn't an example of terrorism, what is? The Blue Security technology works, but it also uncovered a horrible reality that most of us could not have imagined. A single cyber criminal, PharmaMaster, controls enough financial and technical resources to enable him and a small number of cyber terrorists to take down the internet, and thereby pose a threat to worldwide communications and to our national security. The attack on Tucows is just a small example of what they are really capable of doing. The corruption likely reaches much deeper than anyone would have thought, possibly even involving ISPs, and was beyond the capacity of a small Israeli start-up firm to handle. Yes, there are technological weaknesses to address, but this incident goes way beyond that in its scope and the challenges it raises for our freedom and for our security.

Rather than tear the internet apart and allow the "war" to spill over into the real world, they decided to cease their anti spam operations. It looks as though only the US government and hopefully the international community has the resources to effectively address this monster.

Posted by: H. Niehus | May 17, 2006 4:39 PM

Pay for sending emails? Spammers don't pay for anything. They're paying their website hosting services with stolen credit card numbers already. A per-email charge would only inhibit legitimate e-mailing and allow spammers to send with impunity on someone else's dime.

The Blue Security model was working. Spammers prefer not to email the people who will report them and get them thrown off their ISP's, so this was a useful service for them, too. But since the spammers suspected of orchestrating this attack are involved in child pornography, the fact that Blue Security was working with agencies like the FBI and Interpol is probably what raised their ire.

I'd like to see the FTC take over with a national do-not-spam registry on the same model as Blue Security's. If the U.S. government can't configure servers to withstand this kind of attack, we have a lot more to worry about than spam.

Posted by: AlphaCentauri | May 17, 2006 4:48 PM

If nothing else, Blue Security proved that an opt-out list can work for spam: it worked so well that PharmaMaster mounted its terrorist attack against the net . . . I don't know when the authorities might get around to moving against these terrorists; imho it should be sooner rather than later. All Blue Frog did was automate the US law on opting out. The naysayers in the anti-spam business don't like such simple solutions because they make their living "helping" us fight off criminals. They don't care if Blue Security gets attacked: they just say "I told you so." And for some unfathomable reason blame it on the victim, Blue Security, instead of the criminals. Once upon a time, governments were supposed to shoulder the security burden by taking down these criminals . . . not anymore . . .

Posted by: mellow | May 17, 2006 5:47 PM

quote:

(4) The NSA can do all this wonderful stuff with computers. Could they help ID the spammers? If we do find the real people behind this, we could send them to Abu Ghraib for some friendly discussions.

--

LOL! This made me smile, thanks!

Posted by: dataptJohn | May 17, 2006 5:59 PM

As a longtime computer support person, I can tell you that the main reason for so many hacked servers is that Microsoft has had little interest in real security until recently when they have at least started giving it lip-service. What frustrates me is that everyone is so meekly giving in, saying "the spammers won again".

THIS IS A LOAD OF DINGO'S KIDNEYS (HHGTTG). They may have won a battle but they have by no means won the war. Unless we give up that is.

If our wonderful govt. (including the NSA) actually cared about resolving this problem, they would pressure Russia and other govts to make them go find and physically arrest these people. However, it is very clear that our govt is not at all interested in that but rather instead they are working on the balkanization of the Internet into large segmented networks controlled by large mega corps who will nickel and dime us to death to connect to various parts of "their" networks. Which were largely funded and underwritten by OUR TAX DOLLARS, BTW.

Posted by: Mike | May 17, 2006 6:13 PM

i long for the days that governments dismembered in your face style law breakers. i wonder what that prick would have told the people cutting off his fingers.. maybe it would be "I will stop immediately and turn in all the people i had contact with as well if you would stop after you cut off my first index finger, sir, please and thank you".

Posted by: coldwar | May 17, 2006 6:22 PM

If it is true that, "In a nutshell, the attackers find a whole bunch of poorly configured DNS servers", then could someone (besides the spammers) locate such servers and require proper configuration? Fighting spam with more spam isn't economical for traffic, but requiring proper server configuration might be technically within reach, without requiring any action by spammers or spamees.

Posted by: EdC | May 17, 2006 9:14 PM

While I am truly sad to see Blue surrender, (I just signed up April 15th since MailWasher Pro started 'BlueFrogging', & it worked!) most spam comes or is spoofed to look like it comes through APNIC, RIPE and/or LACNIC and is therefore quite easy to filter and delete at the server without ever having to view it or download it so no worries even about viruses. Check out Mailwasher Pro!

Posted by: Rick | May 17, 2006 9:19 PM

Quote
While I am truly sad to see Blue surrender, (I just signed up April 15th since MailWasher Pro started 'BlueFrogging', & it worked!) most spam comes or is spoofed to look like it comes through APNIC, RIPE and/or LACNIC and is therefore quite easy to filter and delete at the server without ever having to view it or download it so no worries even about viruses. Check out Mailwasher Pro!

---

Wow, APNIC, RIPE, and LACNIC, that's just about half the internet. I'm sure no spam comes in via ARIN...

Posted by: Abuse | May 17, 2006 11:22 PM

Now, where's the NSA when you need them?

Is forewarned Still forearmed?

Are we waiting for a cyber 9/11 to pre-empt, especially overseas?

Posted by: AU | May 18, 2006 2:35 AM

A very small base metal implant into the trilobed structure of the brain, lying posterior to the pons and medulla oblongata and inferior to the occipital lobes of the cerebral hemispheres, that is responsible for the regulation and coordination of complex voluntary muscular movement as well as the maintenance of posture and balance, has never failed as yet to dissuade the recipient from distributing mass unsolicited electronic communications worldwide, and has been shown to be far more effective than Blue Frog Security alone. Contact Smith & Wesson (research and contracts department) Smith & Wesson Holdings
2100 Roosevelt Avenue
Springfield MA USA 01104.
Where we have the definitive solution to your spamming problems.

Posted by: Professor C Plumbum Phd Oxon | May 18, 2006 4:17 AM

Sounds good to me Professor. You got a twenty fer that boy in Russia y'all ? Count me in. Come on.

Posted by: Aldo Corncob | May 18, 2006 4:37 AM

Maybe it is time governments made it illegal for financial institutions to provide banking facilities for those involved directly and indirectly in such activity.

It is not just the bad we have to worry about. Numerous times I have followed the opt-out mailing instructions for Microsoft emails and they still send them despite the fact that contravenes the law in my country of residence.

Posted by: Steve | May 18, 2006 5:15 AM

Cool. Dead men send no mails. Direct action is needed now. Never rely on others to do it for you. Contact Aeroflot for bargain summer prices.

Posted by: Ivan Sournachev | May 18, 2006 5:34 AM

I bet lots of the spam is sent from legitimate, non-hacked servers of huge and small dedicated server providers. So don't you blame MS and "dumb admins". With the credit card payments and chargebacks companies' support/abuse departments often get much more friendly to a spammer paying huge $$$ than you can imagine. And will often believe any "I'm running an opt-in list of 100 million brain-damaged users who really want to get my sh*t for free. Here is the opt-in info I have for the address in question:".

With all that dual standards people have to make choices - either they try to make big $$$ and help spam (possibly having legal problems later), or try to do the opposite - and get into variety of nasty situations.

The only way to stop spammers is that everyf*'n-body goes to a court and sues people who ordered spam services. 90% of them will back off and do a chargeback from a "legitimate marketing company" if they get strict understanding that it was illegal and they may get sued for much more $$$ than they'll ever make.

Seems not many people understand, that spam is a business that may give up to 20K$ income for each 1K$ invested if built properly. I believe it's FAR MORE than any drug dealer makes unless he steals drugs from others.

But it's impossible - with lawyers not willing to help in that cases for free and lazy public capable of nothing more but sitting with their asses in the comfortable chairs and complaining.

One person saying "I didn't subscribe" could have forgotten that. A million - well, probably at least half of them really didn't subscribe.

Also, selling "opt-in info" to "partners/affiliates" must be made illegal. Possibly it could be allowed only in the case of companies merging.

Posted by: Mr. Double Trouble | May 18, 2006 6:22 AM

A very small base metal implant into the trilobed structure of the brain, lying...

Also it should be added "containing no sophisticated electronics and environment friendly if utilized properly after careful usage"

Well - you get the addresses for travelling in each e-mail as well. Though no free tickets there.

Smith & Wesson Holdings
Where we have the definitive solution to your spamming problems.

:)
Heh - a second civil war and Wild West in US!
I'd like to see it on my TV ;).

Ivan: F**n' US embassy consular section in your country will be pissed off if you write that in your visa application.

Posted by: Mr. Double Trouble | May 18, 2006 6:35 AM

"Maybe it is time governments made it illegal for financail institutions to provide banking facilities for those involved directly and indirectly in such activity."

The "such activity" is a term really balancing on the edge - it's very hard to determine if the "marketing company" is legal or not without real hardcore checking of everything, and police/FBI capturing computer equipment first and a thorough check going after that.

And nothing like that will ever happen if people will be lazy and will not see anything farther than their own gain.

Posted by: Mr. Double Trouble | May 18, 2006 7:31 AM

A lot of our problems are due to the hijacked PC's owners. People have enough money and the wherewithal to buy and install PC's, yet they do not secure them. With the media attention placed on malware, this is inexcusable.

Because of their carelessness or not give a damn attitude, they have empowered spammers with massive computer resources, while we who do secure our systems pay the price.

Posted by: Bern | May 18, 2006 7:52 AM

I believe everyone here so far has overlooked the obvious. Spamming is a business. Like any business it is subject to the law of supply and demand. Where there is demand there is supply. Take away the demand and the supply goes away.

It's pretty obvious that it is very difficult to take on organized cyber crime head to head. The working model that will eventually rise from these ashes is one that makes it undesirable to utilize the services of a spammer to promote goods online. It will not have instantaneous results. It will erode their margins slowly, so slowly in fact that they barely notice they're going broke until they're fully bankrupt.

Submitted for your consideration.

Posted by: SurfSafely | May 18, 2006 8:03 AM

Blue Security PWN3D 13371y! LOLLZZZZ!!!!!!111

Posted by: L33T.H@X0R | May 18, 2006 9:00 AM

I believe everyone here so far has overlooked the obvious................

Hey you have given me a great idea. We send mass opt outs by using an automatic program, followed by mass completion of email forms at the offending sites if they don't comply, and slowly the spammers go out of business as you say. We could call it something like Blue Frog perhaps and then give it universal bad press and no support when it is found to work. Thank God Thomas Edison stood up to the doubters and knockers of this world.

Posted by: Pierre la Grenouille | May 18, 2006 9:13 AM

Blue Security had to shut down, not because they couldn't technologically get back on their feet, but because major ISPs have obviously made a point by threatening lawsuits for damage and loss of revenue caused by the DDoS.

This is what lies beneath the "innocent users and collateral damage".

I don't think Eran Shereff and Eran Aloni were stupid enough to start this business without knowing they were tackling really dirty players. So much for their good intentions. Their stepping down is a sad event, not because the spammers win, rather because they are showing how short sighted they have been with all this. All the players in the anti-spam industry which they approached prior to starting operations told them the Blue Frog was a bad idea.

I am sad that they had to step down, I am sad to see that the spammers will keep going as they please, but nonetheless: shame on Blue Security for letting down thousands of users who took some loss in the last two weeks.

Posted by: Jensol | May 18, 2006 9:56 AM

Seems there were two issues discussed here, spamming emails and DNS amplification attacks.

In both cases, it comes down to economics, in that those that are in the best position to prevent these attacks (the ISPs) have the most to gain financially by letting them continue.

Both of which are actually simple to resolve.

For DNS amplification attacks, those running the authoritative DNS servers simply need to "untrust" the downstream DNS servers that have been compromised. When the ISPs running these now "untrusted" DNS systems start to go out of business due to customer complaints from not having Internet access, those ISPs that want to remain in business will fix their DNS systems so they can be "trusted" again.

Same for spamming, it would be simple for ISPs to perform basic traffic analysis to determine if their account holders are sending spam or if their bandwidth is being used by spammers (intentionally or unintentionally). For example, if a home account sends more than maybe 20 or so emails a day, it is likely a spam account. The ISP could contact that account holder to let them know they may have malware that is sending all that email.

The real problem is, the ISPs are making money from all the spam.

Posted by: SomePoints | May 18, 2006 9:57 AM

Well we just seem to have attracted the usual politically correct "roll on your back and surrender" merchants here don't we. There is only one way to rid the world of the criminal elements who would impose themselves in each and every aspect of our daily lives, and that is to hit back hard with any means at our disposal. If the bastards don't like it then tough. Let's see if we can put right the 30 years or so of political correctness which has so successfully undermined and destroyed a once half decent planet to the extent that the baddies now call the shots with impunity. Send the PC brigade back to cuckoo land.

Posted by: | May 18, 2006 11:06 AM

How about saddling Microsoft Corp. with an e-mail postage levy? It's their lax, careless and incompetent programming that made it possible for spammers to hijack millions of computers who are now polluting and, before long, will bring down the internet. To use Microsoft's Mount Everest of cash to get this Windows-based plague under control would only be appropriate.

Posted by: Rulf | May 18, 2006 12:45 PM

if you read spamhaus.org from the link, MCI is the US ISP hosting their frontend business of spam delivery and refuses to shut them down.

Posted by: TTP | May 18, 2006 12:56 PM

Unfortunately, Blue Security/Blue Frog entered the spam war with a paltry 3 million dollars. That was their mistake. They needed a hundred times more money than that.

Spammers have a LOT of money. They pay ISP's huge bagfuls of that money. ISP's could have nipped the spam problem in the bud years ago if they had acted responsibly and proactively implemented appropriate network controls. But that would have meant spending some of their money. And it also would have required them to adhere to even a minimal code of ethics in their business operations. Unfortunately many ISP's are driven only by greed, and as pointed out in a previous comment, MCI happens to be one of those openly suckling at the money teat. Tucows' actions in unceremoniously dumping Blue Security as a customer illustrate that many ISP's are just as complicit, even if they're not officially on the spammer's payroll.

So-called "anti-spam" vendors have absolutely no desire to see the spam problem go away - they make gigantic bagfuls of money "fighting" it. This is why every single company that sells anti-spam software mocked the Blue Frog idea. They don't want their source of money to disappear.

Yes, there are some technological design issues with the operational model and methodology Blue Frog implemented, and that made it more vulnerable to attack. But those could have been addressed had there been more money available to hire more developers (to redesign the software) and purchase/lease the technology to offset the DoS threat (widespread distributed hosting for one).

However, at the very least, Blue Security gave it a shot and were far more successful than what any of the nay-saying pundits, such as John Levine and Todd Underwood, have been.

Posted by: merlin | May 18, 2006 5:37 PM

According to the stories, Pharma used several thousand computers to DDoS attack Blue Sec. Couldn't that list of hijacked computers now all be sent a message that their computer has been hijacked and here is what you need to do. If just half respond, Pharma loses half his bots.

Posted by: pasco | May 18, 2006 7:12 PM

Any insight into the attack that brought down bluesecurity.com? If Prolexic's service protects against future ddos attacks, it seems like this is not the only reason why they decided to fold ..?

Posted by: Joe Varghese | May 18, 2006 9:25 PM

Well-designed email "postage" wouldn't be easily exploited by spammers running zombies. You don't have ISPs charge the account associated with the originating computer; instead you have users buy cryptographically secure "tokens" from the server that they'll be sending through ahead of time, and require that emails have a token attached in a header before they can be accepted by the server. That would raise the complexity of spamming from zombies considerably; you'd need to steal account information from users on the networks you intend to send from, and steal credit card numbers to pay the "postage". And technically it wouldn't be that hard to implement. The biggest problem, of course, would be phasing it in; people would consider it a Bad Thing to have their email suddenly go dark because their client or relay server doesn't support the postage token protocol, but the receiving server requires it.

Posted by: Andrew Rodland | May 18, 2006 9:37 PM

The article correctly describes DNS as Domain Name System, then goes on talking about "DNS System" on several occasions.
Greetings from the Department of Redundancy Department!

Posted by: Gennadiy | May 18, 2006 9:52 PM

I think Blue Security had the right idea. There is a war going on in cyberspace and it's time more of us jumped in and helped fight it. I'm not advocating vigilante justice or physical violence, but there are far more white and grey hats than black hats in this world. If we organized our efforts we could force spammers out of business and off the net.

Posted by: dragonwisard | May 18, 2006 11:15 PM

Just a point of view (wild idea?) ...

Since spammers are in business, and businesses follow Demand-Supply, how about addressing the demand-side in addition to the supply-side?

Yes, go after spammers/ISPs/child-pornographers/etc... but go after the people that "partake" ALSO, and be even more harsh on them.

Very heavy fines (punitive),
(life-time?) ban from using computers/Internet,
imprisonment (life?),
etc.

Demand shrinks, supply follows.

If the laws are tough enough, the only spam left should be the regular government/law-enforcement stings.

Posted by: Not An Economist-Lawyer | May 18, 2006 11:48 PM

Regarding the post by Not An Economist-Lawyer:

It may be a wild idea, but it's also a very, very bad idea. That's the same kind of logic that led to the U.S. "War on Drugs", which has quite obviously been a spectacular failure.

Posted by: bdp | May 19, 2006 12:43 AM

Kaspersky Launches Latest Internet Anti-Virus and Security Software
Why am I not surprised. Take a look here and draw your own conclusions. http://www.russianewswire.com/releases headlines_details.php?id=2233 Call me a sceptic if you like.

Posted by: Bill from London | May 19, 2006 3:45 AM

The one asset that PharmaMaster exposed in this. The insider at a Tier1 provider that did his bidding. Presumably for financial gain.

That person was the biggest threat made good. It caused severe problems for other Tier providers also.

Why has this person not been identified, hauled up for criminal charges, and made an example of?

There should be better security, and possibly the equivalent of Government security vetting controls on staff with powers such as these.

Posted by: James | May 19, 2006 5:11 AM


If you want to stop spammers, go after the companies that use them.

Posted by: William | May 19, 2006 7:59 AM

I think everyone that has previously mentioned "remove the demand" or "go after the companies that use spammers" has only partially hit that nail on the head. This guy's handle is PharmaMaster - it's obvious that he is a pharmaceutical (spelling?) spammer. This is your v1@gr@ and c1@l1s guy. Unfortunately, the pharmaceutical companies are too entrenched in politics to be simply taken out or penalized.

Posted by: JoeSchmoe | May 19, 2006 10:01 AM

Why wouldn't a proof of work (POW) or reusable POW approach suffice to prevent DNS amplification? Existing DNS request protocols could be supported at a much lower QoS.

Posted by: MJW | May 19, 2006 11:13 AM

At the end of the day, be it spammers, drug dealers, porn peddlers, car sales, etc, there is a business because there is a demand. As long as there are people intentionally clicking on the links and buying the peddled products, there will be spammers. The intelligent spammers use pre-defined targeted lists to get maximum takeup. The dumb spammers send to any known address, and as a result, are the biggest impact to the Internet at large.

Posted by: JR | May 19, 2006 11:58 PM

In any kind of war, the act of killing is always justified. I therefore find it ironic that some people here would regard DDOS counter-attacks on the unethical DDOS mayhem spamming pundits as illegal/unlawful vigilantism. In war, nothing is illegal, nothing is considered vigilantism. It is a WAR for heaven's sake. There will always be collateral damage.

If we are all interested in a more "civilized" answer to fighting spam, more ethical black hat and white hat penetration and intrusion experts should focus on plugging the botnet problem. Botnets should be identified, broken in and then plugged securely even without the botnet owner's knowledge. People may call this illegal but what's more illegal IS UNSECURING YOUR OWN backyard nuclear weapons and ak-47s. So fighting guns with guns is simply justifiable in any kind of war.

Posted by: Loloy D | May 20, 2006 1:56 AM

elsewhere BK said symantec says 56% of spam originates in the US, but i would say only about 10% of my spam does. imo, regardless of symantec, spam is primarily an import. even if my personal spam doesn't reflect the average, i bet that the most obnoxious spam, as opposed to spam from real businesses with real return adr, is overwhelmingly imported.

i have been fighting spam for a long time. when it first picked up in the 90s it was all "domestic". spammers would use open relays to disguise their origins. some US internet providers were bad actors for different periods - for a while uunet/alternet was the spam king, but i haven't got anything from them for a long time. some US providers are very responsible. send a spam complaint to hotmail and they respond. you never get spam from hotmail, but it doesn't matter. spammers don't have to find a rogue US provider or an open relay anymore - they just operate from russia or brasil, where there is no law.

it doesn't matter what law regulates US providers. even if i'm wrong and more than 10% of spam is domestic, if US providers feel the heat and crack down on their spammers, they will move their ops to russia and brasil, and make me right :). it's the internet! you can spam from any country, so why use one that has laws?

there's only one way to control spam, and that's to secure the borders. that's what i try to do with my procmail filter, which begins with
# each recipe scans headers (H) and body (B) for a line mentioning that
# country suffix and files the message in the junk folder
:0 HB
* .*\.br/.*
$HOME/Mail/junk

:0 HB
* .*\.ru/.*
$HOME/Mail/junk

:0 HB
* .*\.bg/.*
$HOME/Mail/junk

:0 HB
* .*\.cl/.*
$HOME/Mail/junk

:0 HB
* .*\.pk/.*
$HOME/Mail/junk

and goes on for many more countries. i'd like to figure out how to combine procmail with whois so mail that just has IP numbers but not the country suffix in the header can be filtered.

secure the borders and the rest is details. you really need an email from russia, whitelist it.

Posted by: macunix | May 20, 2006 5:17 PM
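The IP-to-country step the comment above wishes for, as an added example that is not the commenter's code or anything from the page: it takes the bracketed address from the first Received header (the line the local MX wrote, so the one hop a sender cannot forge), maps it through a prefix table, and applies the same country block list plus a per-sender whitelist. The prefix table is constructed from RFC 5737 documentation ranges with made-up country labels, standing in for a whois or GeoIP lookup; the whitelist entry and sample messages are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed prefix -> country table standing in for a whois/GeoIP lookup.
# The prefixes are RFC 5737 documentation ranges; the labels are made up.
PREFIX_COUNTRY = {
    ipaddress.ip_network("192.0.2.0/24"): "br",
    ipaddress.ip_network("198.51.100.0/24"): "ru",
    ipaddress.ip_network("203.0.113.0/24"): "us",
}
BLOCKED = {"br", "ru", "bg", "cl", "pk"}    # the countries the recipes above junk
WHITELIST = {"colleague@example.ru"}        # hypothetical per-sender allow-list
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def country_of(ip_str):
    """Country code for an address, or None when no prefix matches."""
    ip = ipaddress.ip_address(ip_str)
    return next((cc for net, cc in PREFIX_COUNTRY.items() if ip in net), None)

def relay_ip(msg):
    """Address of the host that handed the message to our MX.
    Each hop prepends its own Received line, so the first one is the line
    our MX wrote and its bracketed address is the one hop a sender cannot forge."""
    received = msg.get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    return match.group(1) if match else None

def classify(raw):
    """'junk' if the delivering relay sits in a blocked country, else 'inbox'."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in WHITELIST:                  # explicit exception wins
        return "inbox"
    ip = relay_ip(msg)
    return "junk" if ip and country_of(ip) in BLOCKED else "inbox"

# Constructed sample messages (headers plus a one-line body).
SPAM = ("Received: from mail.example.net (mail.example.net [192.0.2.7]) by mx.example.com\n"
        "Received: from [10.0.0.5] by mail.example.net\n"
        "From: Offer <sales@example.net>\n\nbody\n")
HAM = ("Received: from smtp.example.org (smtp.example.org [203.0.113.9]) by mx.example.com\n"
       "From: Alice <alice@example.org>\n\nbody\n")
ALLOWED = ("Received: from relay.example.ru (relay.example.ru [198.51.100.3]) by mx.example.com\n"
           "From: Colleague <colleague@example.ru>\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("HAM", HAM), ("ALLOWED", ALLOWED)):
        print(name, "->", classify(raw))
```

The whitelist is keyed on the From header, which a sender can forge, so this check is better used as one score in a filter than as the sole verdict.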

If we are to slow spam by charging for emails, we might exempt the first 1,000 per day. After all, no major spammer wastes his time on 1,000 per day, and meanwhile, organizations can still get their newsletters out.

There should be a penalty for the ISP that allows the initial e-mails to go out. If I tried to send a million emails a day through my ISP, I'm sure it would be prevented. So if the other ISPs are transmitting it, they must be in on the deal, so to speak.

And of course, the sponsor. The seller of the goods or services should be even more responsible than the spammer, because they are putting him up to it. And they are easy to locate. Take away the money, and the spam disappears, too.

How about the credit card service? They must occasionally see clues that the merchant is a spammer. If you can penalize the credit card company, you can block the spammer's or sponsor's way of getting paid.

How about a more diversified form of Blue Security? Ask people to complain, and each day, pick just one spammer.

Then, post that one address on a website (at least while the website is young and the clientele are few) asking people who had received a particular e-mail to send a cut-and-paste objection to the spammer.

The messages would come from thousands of machines, so there would be no single target to attack.

The address list would get longer, and some of the customers would want to send to yesterday's, the previous day's, and so forth.

This would be so simple, that others could imitate it, and there would be no single website to attack.

To begin with, the website could be supported by donations. Eventually, a small fee could be charged for accessing the site. Perhaps even advertisers could be included.

Gee, why didn't I think of that?

Posted by: Gene Douglas | May 21, 2006 3:24 PM

"If we are to slow spam by charging for emails, we might exempt the first 1,000 per day. After all, no major spammer wastes his time on 1,000 per day, and meanwhile, organizations can still get their newsletters out.

There should be a penalty for the ISP that allows the initial e-mails to go out. If I tried to send a million emails a day through my ISP, I'm sure it would be prevented. So if the other ISPs are transmitting it, they must be in on the deal, so to speak."

gene, no laws or penalties made in the US will have the slightest influence on an ISP in russia, brasil, korea, etc, where most spam originates.

Posted by: macunix | May 21, 2006 5:45 PM

Our laws may not have an effect, but there sure would be an effect if all email from those nations were blackholed, period. Remember, it's not us who need to email them, it's them who need to email us. Maybe after getting complaints from their citizens that their emails no longer reach the US/UK, they will be forced to take action on the known criminals within their midst.

Another thing - ISPs should take more responsibility for shutting off zombied PCs. If it can be done on a corporate or university network, it sure as hell can be done on the ISP level. There is no excuse for them not to do it.

They can cut them off from the internet and route all of their requests to a "You are infected" page, with downloadable tools to clean up their sloppy mess of a PC.

And last but not least - not everyone in Russia likes spammers... one spammer/malware purveyor was found beaten to death. Maybe if the death penalty was initiated for spammers and the CEOs/Board members of companies who use their services, we would quickly be rid of the spam problem for good...

Posted by: thejynxed | May 21, 2006 7:15 PM

thejynxed-
total agreement!

Posted by: macunix | May 21, 2006 7:45 PM

I support the Smith & Wesson idea wholeheartedly!!!

We should hold the end clients of spam responsible. Perhaps a service like Blue Frog, where people would forward in their spam emails and the servers would collect the URLs, phone numbers and such. Count up the emails reported then charge the companies a stiff amount for each email reported. Kind of like a bulk email charge that the post office does on reply envelopes. If the companies don't pay up, then the sites are shut down and accounts locked until payment is made. Lawsuits could also be brought against the companies and owners, the results of which would fund the service so it could expand and stay in biz. I think the ISPs who host the sites should also be charged for the emails and be held responsible if the companies didn't pay up. Maybe then they wouldn't be so eager to host such shady companies.

Heck, Blue Security should make their automation scripts and programs available to all the web. Then people all over can use it to host sites all over the world to attack back at spam. Sure the spammers can take down several servers, but could they handle a few million Blue Frog type servers all over the world? When attacked in mass, retaliate with more mass!!!

And for God's sake people, do what you can to protect your own systems.

Posted by: TerryM | May 22, 2006 11:10 AM

A friend used Blue Frog and now his computer doesn't allow him access to any mail programs. A coincidence, or did the spammers actually do something to his computer? If so, what, and how is it fixable?

Posted by: AnnP | May 22, 2006 4:57 PM

The guys over at Spam Arrest, who have been around since 2001, are offering a 90 day free trial to Blue Security users using the following link:

http://www.spamarrest.com/affl?4021707

I signed up, it's very cool and stops my spam, even the stuff I was getting because I used Blue Security's software.

Posted by: James | May 22, 2006 6:09 PM

@ James:
>>The guys over at Spam Arrest who have been around since 2001

Yes, we know.
http://www.politechbot.com/p-04461.html

>>I signed up, its very cool and stops my spam

"When the Challenge-Response system is babbling in response to a forged sender, and the C/R aficionado chooses to bother me, I feel duty bound to point out the error of their ways by responding to let them get the spam in question."
http://groups.google.com/group/news.admin.net-abuse.email/msg/262e13049c60b862

Posted by: Mark Odell | May 23, 2006 12:58 AM

Well, the only recourse that I can see now, since Blue Frog is no more, is to contact the companies that I have the infected email address through and have the account turned off. I have had Blue Frog since the beginning and was very happy with their service. I am sad to see them go.

Posted by: Shawn L | May 23, 2006 10:48 PM

Google wanted to be a big fish in a big pond so they sold out to China by agreeing to censor selected materials (porn, spam, drugs, western music, etc) on the domestic Chinese internet.

The Chinese government contracted with Google because Google does, in fact, have the power to do all the censoring China would like.

Sound like a solution to the spam problem in the USA?

Sometimes, the answer is just right there.

Posted by: JCW | May 25, 2006 7:04 PM

The solution is simple.

Follow the cash flow. Order the goods with a credit card, and follow the trail.

Any Gov't agency can do that, if there is a will.

Posted by: Spammee | May 25, 2006 7:28 PM

With Blue Security gone we lost a friend. Spammers, extortionists, and cyber criminals won the battle but maybe not the war. Spam still needs to be addressed at the source, not at the receiving end. Filtering does not send a message to the spammers. Opt out complaints do. Blue Security worked for a while better than any other method. We need software development that we can put on our PCs so that with the click of the mouse we can send opt out complaints to spammer (spamvertised) sites (links) on a one complaint for one spam basis. If thousands of us were complaining every time we received a spam, the advertised sites would receive the same number of complaints. Just a click of the mouse would do it. Spammers may cause us pain by hijacking and abusing our email addresses, but eventually they could not operate if all of us were sending back one complaint for every illegal unsolicited spam they sent to us. With no central servers to attack, a DDoS attack would be difficult to do. One complaint for one spam is fair and right. Spamvertised sites deserve complaints if they allow their products to be advertised via illegal unsolicited spam.

Posted by: James Junior | May 28, 2006 10:13 AM

Blue Frog was a great idea and it worked so well that a large scale cyberwar ensued between spammers and antispammers. We all know the outcome, but Blue Frog was a large target. In this situation, like many others, the hackers who brought Blue Frog down used bots and remained for the most part anonymous. The solution is to remove the target. The first step is to build a program to run off an individual's local machine that would interconnect them with other users of the software. This would enable a large scale network of anti-spamming bots. This program would slam the spammer's IP with thousands of return e-mails from fake email accounts. Without a supporting website to attack, the hackers could only focus their efforts on sites that hosted the software. The solution? Why don't we post the software on a government or Microsoft website. After all, they most likely would have the best resources to track down and prosecute offenders.

Posted by: JDSwart | August 6, 2006 5:05 PM

99% of spam is generated from the brains of USA residents, although servers are used from different parts of the world. So, the codes that Loloy mentioned above are just stupid thinking. If it is needed to filter something, that must be the attitude of USA citizens. This could be done by *coding* (teaching) them from their schools!

Posted by: Loloyz Rong | August 22, 2006 1:09 PM

Oops, it was not Loloy, it was "macunix".

Posted by: Macunixz Rong | August 22, 2006 1:14 PM

Bring back Blue Frog!

Posted by: Jahn | August 24, 2006 10:48 PM

A new site is creating anti-spam software much like BS, but this software does not require the site to be active to work. Once installed the user has more control over the software; it uses the DNSBL servers to determine if the spam site needs to be attacked, then hits the site with a bandwidth flood.
The software will also forward the spam to many DNSBLs to mark the IP where it came from. See http://www.DoSDragon.com for more information about it.

Posted by: Joe | September 18, 2006 12:28 PM

The comments to this entry are closed.


©  The Washington Post Company