Internet and e-mail policy and practice
including Notes on Internet E-mail


2006
Months
May

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Email


12 May 2006

March of the Frogs Email

As I predicted last week in this blog entry on Blue Security, the Frog's fans leapt to its defense, with a blizzard of more or less interchangable outraged messages, often refuting points I never made. Oddly, very few comments appeared on the recent message that was at the top of the blog's home page, but instead on an earlier message I wrote last July. Huh?

It didn't take too much looking through my logs to find that I was the honoree of an astroturf campaign by one of the Frog's acolytes. In a a blog entry he made this morning he said:

Here is the article. Please visit and take a minute to post positive comments about BlueSecurity. BlueSecurity is encouraging us to do such things so let's help them spread the good word. Many thanks.

Followed by a direct link to my old article. I guess I should be pleased to get the attention. But what I really want to know is what's the trick to getting an entire volunteer PR team to work for free.

Update (May 11): I put in a few twiddles so that people who try to follow the astroturf link mentioned above instead arrive at a page telling them to look at my whole blog, which a whole lot of them did, as evidenced by the 31 comments on this entry. But they still don't seem to have figured out that repeating the same assertions over and over don't make them any more persuasive, and I wish they would stop refuting alleged arguments that I never made.


posted at: 00:40 :: permanent link to this entry :: 33 comments
posted at: 00:40 :: permanent link to this entry :: 33 comments

comments...        (Jump to the end to add your own comment)


The trick is simple, if your product dose the following:

1) reduces spam drastically (blue frog dose) 2) Lets you ethically and effectively annoy people you lothe (spammers) Then a good portion of your users will be willing to set up anti-spam operations, PR campains and donate any skills they may have.

For a second example look at Mozilla Firefox, it: 1) reduces security holes drastically 2) Lets you ethically and effectively annoy people you lothe (microsoft)

http://www.spreadfirefox.com/ is proof that firefox has its own grassroots PR.

(by Tortanick 09 May 2006 15:01)


The trick?
Hey, CAUCE has been doing it for years ...

(by Neil Schwartzman 09 May 2006 16:13)


The Trick
I think that BlueFrog, even if it doesn't eliminate spam, gives the impression of providing empowerment to its users. It's an active response, which greatly enhances its appeal.

I think you need to re-investigate BF before you continue this campaign. A lot of their operating model has changed since they first approached CAUCE. I changed my mind about them. You can too.

(by Dylan 09 May 2006 16:56)



Go ahead Mr Levine. As you feel we are commenting on an out dated post, please give us your up to the minute take on the Blue Frog software and methodology. That's assuming, ofcourse that you have taken the time to evaluate the software yourself.

As to your comment about a "blizzard of more or less interchangable outraged messages", has it crossed your mind that they may well be all similar bacause *gasp*, they are sticking to the facts rather than an uninformed opinion?

(by Nemesis 09 May 2006 17:12)


all attack, no thought?
The comment by "Nemesis" is a perfect example: all attack, without even the pretense of having read John's analysis of Blue Security and their tactics.

What do you think will happen if you brow-beat John into pretending that Blue Security is a good thing? It won't stop the script kiddie "war." It won't stop spam. What are you trying to accomplish by being a jerk on someone else's blog?

(by J.D. 09 May 2006 17:27)



The "trick" is that for years we've been asked to pay to have bandwidth used (what would broadband and network fees look like without the 80% of email that is attributed to spam clogging the network?) and now have a tool that will allow us to cost those who benefit from (and pay for) this use of network resources as much as they cost us. Another issue in this is one of control, which, in my opinion, makes this such an emotional issue.

The use of someone else's computer to do *anything* without their permission is illegal, yet, with those who break the law in other, often more corrupt jusidictions, the ordinary PC owner/user is stuck with the consequences.

What is wrong with punishing people who do wrong? The Federal, State and Local authorities do nothing. Perhaps if national and local governments stepped up to the plate and prosecuted those who profit from this (and those who make it possible), companies like Blue Security wouldn't have a market. But until they do, people will naturally gravitate toward something that helps them resolve the issue.

By the way, John, how is automating something specifically allowed (opt out requests) under the CAN-SPAM act, wrong? Is the law wrong? Or is that those who paid so much to the legislators to have a watered down bill are upset that someone has figured out a way to use their law against them? ("Oh my God, they are actually going to take advantage of the rights we didn't think they would ever have the energy to assert!")

If you (a business that would use a mass email service) don't have the network infrastructure to handle the number of potiential opt-outs you could recieve, then that's your problem. You shouldn't have asked for my traffic in the first place. And remember, they did ask for the traffic -- that's why they sent me an email in the first place, right? Or were they just kidding and throwing their money away as a charity for inept people who can't function in society by any other means?

And if you think Blue Security generates thousands of responses all at once, you haven't taken the time to look at how they operate. One opt-out request for each unwanted email sent. Again, if you are a spammer, you know how many addresses you've sent mail to, make provisions for the traffic.

Ah, but if they had to do that, they couldn't make any money, would they? They would have rent time and pay for the datacenters to handle all of that traffic. They might actually have to do a real job -- instead of anonymously sending out millions of messages and running away with the money.

But either way, now, by government or by public backlash, they're going to have a get a real job.

If the government authorities won't take action, we (the public) will.

(by Mark 09 May 2006 17:43)



Under the (YOU)-CAN-SPAM act, every UCE must have an opt-out link. Most don't, and I don't trust the ones that are there, since they are also not supposed to spoof the return path or misrepresent the content in the subject line.

But if I wanted to ignore the oversight and opt-out anyway, I could look up the IP number in the "Received from" line and email the person listed as the abuse contact. And I could go to the website itself and click on every page until I found some way of contacting the site owner without giving my credit card number. That would use up some of their bandwidth, and the only reason I wouldn't do it is that I would have to give my email address and thereform confirm it is valid. But after all that trouble, I might want to post the information somewhere so other people could opt out without duplicating my effort.

Instead, Blue Frog does that leg work for me. The spammers are complaining because recipients are doing exactly what they are supposed to do if they receive unwanted UCE -- opt out. Obviously, there would be minimal consumption of bandwith of their servers at all if they opted people out the first time they were contacted, as they are required by law to do.

Before Blue Frog, many of us also reported to Spamcop. They provide a similar service, but it is much more time consuming to report. There is also no human anaysis that allows them to contact appropriate law enforcement agencies for illegal scams. SpamCop went to great lengths to keep the email addresses of reporters and of their own spamtraps secret. They want to shut down spammers, and they don't want spammers to clean their lists of the people who report spam, making it easier to spam everyone else.

Blue Frog gives spammers what they supposedly want: an opportunity to wash their lists of troublemakers. We aren't trying to shut them down, just make them stop sending us spam.

I can tell you my spam dropped dramatically within 4 weeks as a number of spammers saw the advantage to themselves of removing me. The current brouhaha is due to a spammer who was alarmed by the growth of Blue Frog, I suspect more because he is involved in illegal activities that are being reported to Interpol than because he wants to continue to send spam to people who will report him and his sponsors.

As far as whether it is useful to contact the spamvertised websites: Although the link in the spam itself is likely to a zombie, it quickly redirects to the more permanent site. They have to stay in one place long enough to get paid, after all.

(by AlphaCentauri 09 May 2006 17:49)


You just got it wrong
The simple fact of the matter is, John, your "outdated" article still stands there for anyone to read. Unlike your usual writings, that one was shot full of holes - misinterpretations, poor logic, wrong conclusions, insufficient research. We both know that you could have done a lot better. As time has marched on, it stands as a sad monument that needs to be pulled down. You are witnessing its deconstruction.

(by Terry Bowden 09 May 2006 18:24)



To J.D......

The comment by "Nemesis" is a perfect example: all attack, without even the pretense of having read John's analysis of Blue Security and their tactics".

Erm, I think you will find that I DID infact read every word of his article. I wrote quite a long rebuttal to it, quoting sections of his opinion with my answer. I suggest you go read it yourself. oh and please note the time I posted it. :)

Ofcourse, J.D, if YOU can't be assed to read the article, (which you obviously can't or you would have seen that I HAD infact read it), I am more than happy to post a copy of it here for your liesure.

(by Nemesis 09 May 2006 19:06)


Fighting Abuse with Abuse is Unethical and Wrong
I think Blue Security has demonstrated recently how easy it is to hurt innocent parties with misaimed counter-abuse tactics. Trying to rain abuse back on abusers backfires and harms innocents more often than not (in my lengthy experience). Blue Security may have good intentions, but the approach is brain-dead at best and counterproductive at worst.

(by Ray 09 May 2006 19:21)



Ray,

I'm not sure what "innocent" parties you're referring to. TypePad? Who were attacked 40 minutes *after* Blue Security set up it's blog? Blue Security didn't launch that DDoS, some criminal in Russia -- that the national police did nothing to stop -- did. Do tell, who are these innocents that Blue Security hurt?

There are humans who sort through the spam at Blue Security and do analysis before opt-out messages are sent through the ordering systems. There are attempts to contact the spammer before these requests are sent through the ordering systems.

Oh, and again, just because someone is too cheap to spend on network infrastructure to handle the traffic they are requesting, via email, isn't my (or Blue Security's) fault.

Remember, sending me an email asking me to point my browser a system, and then lambasting me when I use that system because you are too stupid or inept or lazy or cheap to set up the infrastructure so that I can't get your email asking me to do that in the first place will result in traffic...But not the class of traffic you hope for.

(by Mark 09 May 2006 19:36)


The trick is..
When you're running short on the 3MM funding you raised despite the negative advice you and your VC received and now you need more bling to continue since your plan has changed due to massive opposition and a cunning spammer poking your eye out, as CEO, you tend to spend a lot of your off-CEO time chasing around credible critics along with your paid PR firm (paid in advance of course).

(by In the Know 09 May 2006 23:15)



Mr. Levine, I believe you have the wrong impression of how the Blue Security anti-spam system works. I think the core misunderstanding is that DDOS attacks are used against spammers. I can understand how one can come to that conclusion. It does sound similar to a DDOS and due to poor planning on behalf of the spamvertised website occasionally the effect may be the same as a DDOS.

An initial request is made to the spammer to cleanse their list and send no more spam to members after 10-14 days(sorry can't remember exactly). If more spam is sent to members afterwards then the opt-out request scripts are created for the Blue Frog client. Only then are the multiple complaints are filed and only one for each spam message received by the member. There is no timed coordination. This is not a retaliatory action. Nearly the same result would be had if each recipient decided to manually complain via the spamvertised website. Except with the Blue Security method you do not have your e-mail address revealed in the opt-out request and you do not have to waste time doing so.

You can verify this and more details at Blue Security's website. Plus you can examine the source code for the client.

(by Scott Hollingsworth 10 May 2006 01:46)



As I've said before, why don't the "experts" who are so critical of Blue Security listen to the users, or even try it for themselves?. There are many thousands out there who, like me, want to reclaim their inboxes and have found that Blue Security is the first product that actually seems to provide a solution. If the criminal spammers are so upset it must be working, and I'm sticking with it.

(by Jockdownsouth 10 May 2006 03:47)



Of course frog fans are leaping to its defense. You have misrepresented the frog and what it does in your July article.

Your research is flawed and instead of re-examining the facts you try to attach buzzwords... astroturf campaign..please.

All you are encountering ar people who have used the frog, who understand that is not a DDOS attack, who understand how it works and realise it DOES WORK in reducing spam.

You offer opinion Mr Levine, we offer facts. There is no trick to your perceived astroturf campaign. It is plain and simple happy frog users (there are 500,000 addresses in the database you know) letting you know that their frog works.

If someone wrote a factually innacurate article about you I'm sure you and your supporters would jump all over it to correct the errors.

That is all that is happening, blame it on some co-ordinated conspiracy if you wish (paranoia!!) but maybe we just want our frog portrayed in a truthful manner.

Maybe some facts would enlighten you Mr Levine, you are interested in the truth aren't you?

www.bluesecurity.com

(by John 10 May 2006 06:54)


Goat Breeder
The frog apologists are rather easy to spot with their ostensibly content-free astroturfing. Their posts reek of verisimilitude. Indeed, one could very easily believe they were being paid to be so clueless. The levels of stimulating intellectual discourse are remarkable in their absence. No one can be _that_ dim and still able to use a computer. Not even AOL users, long regarded as the lowest common denominator.

It gets even funnier when you look at the URL that prompted these posts. The only thing that separates them from the furverts and their "art theif" posts is that they appear able to spell most of the time.

I guess this counts as a 19" rack troll. Come on froggers, try some rational thought rather than mindless defence of your cult.

(by P 10 May 2006 07:03)


Sick of Your Misinformation
Mr. Levine,

< I guess I should be pleased to get the attention. < But what I really want to know is what's the trick < to getting an entire volunteer PR team to work for free.

The trick is to come up with an idea to fight spam that actually works rather than just giving speeches about it as you apparently do. When you truly believe in something you'll work to promote it without compensation.

[from your ealier statements] < Blue Security's approach (described on their web site) < is to sign people up to provide spam trap addresses...

You make it sound like we're creating new spam traps like honey pots. The spam trap is my real email address... an address where I prefer to not receive spam. Honey pots were initially created for members long ago but BSec changed it's methods and are no longer used that way.

< Blue Security plans to take a variety of approaches < to get the spammers to stop... eventually escalating < to a denial-of-service (DOS) attack on the web site. < The DOS attack consists of a zillion unsubscribe requests < all sent at once. There's no question it's intended to < be a DOS attack...

This is the false statement that just keeps on getting repeated. It's simply not true. If I receive one spam from an advertizer, my Frog sends one opt-out request. If I receive two spams, my Frog sends two opt-out requests. Period. And they're spread out over time on purpose. This is not a DoS. This is in accordance with what's allowed by the CAN-SPAM act. If you claim that the BSec members' methods are a DoS than you must also accept that the spams originally sent are a DoS aimed at me in that they flood my inbox causing me and my computers to spend time doing things I wouldn't have to do otherwise... spammers are denying me the practical use of my own inbox.

< It's certainly frustrating that the fight against < spam is so slow. I'm doing what I can...

No, you're not. If you want to speed the fight against spam, support the Blue Community rather than spreading misinformation about it. At the very least, tell the truth about how the Frog works.

Here's some TRUTH which you nor anybody else can deny: I've been a BSec member since almost day one. Before becoming a member, my inbox was filled with garbage every day. A few months after getting on the DNI list, my spam had decreased to just about zero. Zero. Anybody and everybody, even the most novice computer user, can wrap their mind around that truth.

John

(by John 10 May 2006 10:49)


The Kong Fu Frog
Cool post - check it out

http://www.degardener.com/2006/05/10/spam-and-the-kong-fu-frog/

(by Gil 10 May 2006 11:15)


Small technical point of reference
I wanted to point out that any spammer can quite easily packet filter Blue Security so all these claims of "success" and "agreements" with spammers seem spurious, at best.

Remember, spammers know how to use ACL's and create RBL's as well and they do. Blue Security's architecture seems to relay on a single machine (possibly load balanced) as far as the client is concerned and that's 'members.bluesecurity.com'. I'm sure their "response" architecture is just as simple. Remember, they only received 3 million in funding and it's likely they aren't getting more, unfortunately.

Best,

Martin

(by Martin Hannigan 10 May 2006 11:32)



I can't imagine every shady online pharmacy going out of thier way to script a RBH into who can visit their website. When its so much easyer to stop mailing to people who will never buy anyway. And the blue frogs share the task of complaining. So in extreem exmamples they'd have to block every active user.

I wonder how many of us are on Dynamic DNS?

(by Tortanick 10 May 2006 14:10)


A frog in need
Directed at Martin...

To avoid blocking of packets opt outs are sent from the blue frog client running on an individual's PC. If that individual's ip is blocked another frog on someone elses PC handles that opt out for them.

Custom scripts are designed for each particular site to circumvent any protections the may have installed to block the traffic.

The claims of success only seem spurious to you because you seem reluctant to learn the facts regarding the frog, but instead regurgitae your existing beliefs, which are factually incorrect.

I am a user, I have no affiliation with Blue Sec other than being on their protected list. My spam has virtually disspeared since joining the do not intrude register.

That is a FACT

(by John 10 May 2006 14:27)


Fingerprinting-g-g-g
I'll test the BS client, but I'm sure it's easily fingerprintable and nailed in SpamAssasin.

It doesn't mail the spammers anyhow. It mails their sponsors. Trust me, if it says Frog in it, they can easily throw it away.

Anyhow, this will be my last post on the issue. The facts are out there. It's too bad Blue Security can't be honest.

(by Martin Hannigan 10 May 2006 15:37)


How to get a free PR Team?
Everyone may try it. Indeed if more people did there would be more fantastic products in the world for everyone to rave about. The three simple steps which every inventor and businessman knows:

1. Find a problem that people deeply want fixed. 2. Develop a "killer idea" for a solution that grips people's imaginations. 3. Do what you say you are going to do - earn trust.

Common knowledge says that after the first week, word of mouth is what sells or kills you. Witness this principle in motion with the frogs.

I respect your opinions Mr. Levine. My only constructive criticism towards you would be that your criticism should be more constructive. I have not been able to discern any alternate solutions which you may have put forth in your criticisms. You seem to think highly of filtering, but this isn't a solution but rather only a cover up. We're tired of sweeping spam under the carpet.

Lastly, don't insult the public when they begin to rally behind a product or concept. Instead, be a smart business man and take note of whatever is the driving force. We are not stupid lemmings or "frog alcolytes". Just like you, we have our own thoughts and a voices.

I don't work for Blue Security - I'm just part of their free Press Corp. :)

(by Zeb 11 May 2006 00:24)



Mr. Hannigan,

I'm glad you have decided to test the BS client. You should see that it does not "speak" SMTP, but HTTP and HTTPS. It's complaint would not be as easy to block as you imply.

(by Scott Hollingsworth 11 May 2006 00:50)



I was as skeptical as anyone when I signed up. All the reports to SpamCop never helped, after all.

Before Blue Frog: average spams 100/day, and that was with autodelete filters (for things like "Sexually Explicit") that removed 25-30% of the spam before it hit the inbox. After Blue Frog, and no longer autodeleting (so I can report more!): average 40 spams a day. Currently one spammers is targeting us with spam advertising fake sites, joe jobs, and DDoS's on Blue Security, hoping to intimidate people into no longer participating in Blue Frog. That may intimidate some people; the rest of us are so angry that one person can disrupt the internet to this extent that we want to fight toe to toe. What if he decided to shut down a political campaign's servers a week before an election and demanded extortion money? This is about more than spam now.

When BF started, my machine might be reporting in the background for about 4 hours a day. After the spam started dropping off, it was more like 2 hours a week. Not a very efficient use of processing power if you're trying to launch a DDoS.

After all, if a site agrees to wash their lists when first contacted by Blue Security, there are no other opt-outs generated from other users at all.

(by AlphaCentauri 11 May 2006 08:22)



Blue Frog is a vigilante justice campaign that is worse than spam. People that can't filter their own spam competently rely on this kind of stuff instead of figuring out proper filtering. Why is it I get 0 to 1 spams a week on high profile email addresses? Oh yeah, cause I understand filtering. Blue Frog is a dumb ass backwards idea and the people supporting it are probably the same ones dumb enough to punch the monkey. Monkey punchers.

(by Dave D 11 May 2006 10:30)



Dave,

Many of us know perfectly well how to set up filters. The point is we don't want to hide behind filters. It just turns into a cat and mouse game. What the spammers can get through the filters versus our filtering ability.

Your method is akin to running and cowering behind a wall while the bullies hurl rocks at you. Well blue frog users have united to start hurling some rocks back.

It is not a vigilante campaign, if you had bothered to research how Blue Frog works you would realise that, so I will forgive your ignorance and chalk it up to lack of understanding.

Blue Frog's opt out are legal, fall within can spam guidelines and are ethical. Therefore I have no problem in taking part in the blue frog experiment.

You can cower away adjusting your filters if you like, hoping nothing makes it through to you, but I'm gonna throw a few rocks at the bullies, see if I can't bloody a few noses...

metaphorically speaking of course.

(by John 11 May 2006 11:56)



Martin...

I finally understand your comments regarding the blocking of the frog... You seem to be under the impression that the frog sends mail to the advertised website. This is not the case.

As Scott has pointed out the frog's language is http.

Please do install the client and observe its behaviour.. I await your comments

(by John 11 May 2006 12:02)


This is not the way to have a discussion
I fully understand Mr Levines way of handling the posts on this discussion. When I first started checking out the BlueSecurity forums, the dominant members are those that see the whole thing as a chance to "get back at the spammers". Its an act of revenge. You need to realise that Mr Levine is probably a busy man, who needs to prioritise which posts to take seriously. When the majority of pro-BlueSecurity people accuse him of all sorts of things and act aggresive, then most (if not all) good points and corrections from those who are able to control themselves, about whatever misunderstanding there might be, are wasted. This is frustrating for everybody, and the discussions makes little or no progress. Imagine that someone tries to convince you that you have misinterpreted some things and tries to correct you, or tell you another side of the story, but does so by dissing you and uses an F-word every 5 words that comes out of his mouth. Although there are some extraordinary people who would be flexible and understanding of the others situation, most would just retaliate, or simply ignore the person, regardless whether the person knows what he is talking about or not. Its an extreme example, but you should get the point.

Quote "Here is the article. Please visit and take a minute to post positive comments about BlueSecurity. BlueSecurity is encouraging us to do such things so let's help them spread the good word. Many thanks." This makes matters worse, even if it is meant well. Now Mr Levine has to decide which people are writing just for the sake of writing _SOMETHING_ positive, and those who write to try to clear up misunderstandings, and supporting the discussion. There are some that are genuinely trying to do this, but I hope that Mr Levine has the time to identify them.

As for my own opinion on this whole spam war business, I think we need a short term solution, as long as a long term solution. Blue Securitys BlueFrog application provides the short term solution in a ethical and fair way, and Mr Levine is (this is what I've understood) telling us, that we mustn't forget that its not enough in the long run.

I'm not capable of getting technical, because there are those who know more than me, but I DO know that when a company sends out commercials to a persons home address, they have to be able to handle a complaint from the recipients, that requests not be sent any further commercials. The complaint-handling part requires resources of the advertising company, and makes the whole commercial-sending deal inprofitable. This is what has happened to telemarketing for instance. When they called people, people would call the company and tell them to stop calling. If they called 10000 people, then they risk 10000 complaints, and thats too expensive for. Its the equivalent of a DDoS, but this how it happens. In e-mail advertising, for some reason, the company are almost free of the complaint-handling bit, so naturally, they take advantage of it. Theres almost no risk whatsoever. Blue Security has almost automated (there's still some human involvement neccesary, but they take care of that too) the complaint-sending part. They have simply restored the balance. The companys have automated the sending, so now, the recipients have an application that can automate the complaining.

I've gathered my information from various articles on the internet, and I hope that I got it right.

I also think that not all spammers are people who just care about moeny. Unfortunately, the way I understand it, the BlueFrog doesn't care. So in some cases, BlueFrog might be overkill. Or like DaveD writes: "People that can't filter their own spam competently rely on this kind of stuff instead of figuring out proper filtering." But then again, you can't expect everybody to know how to do this. And you can't just tell them to go learn it, because thats not an immediate option to them. I think this discussion goes deeper than I can handle right now, so I'll post some more later. But feel free to discuss some of the points above with me. I'm wide open.

thx everybody Uwe Matzen

(by Uwe Matzen 11 May 2006 13:16)



Uwe, your analogy of how the frog works is a very good one. This is exactly what Blue Frog users are doing, getting their complaints heard.

As for the filtering. We all know that filtering is just a cat and mouse game. We develop new filters, the spammers tweak their mails to get past them... and the cycle continues.

I don't see why anyone should have to shield themselves from a barrage of mail every day tweaking this filter and that filter just to get to his legitimate mail. Not to mention the fact that filters are not infallible, and often result in false positive. I have lost a few very important pieces of mail due to filtering.

It is the dream of Blue Frog users to go back to a more pleasant time, a time where mail arriving in your inbox was actually for you... to reclaim their inboxes.

All I know is that on a personal note the addresses I have registered with Blue security used to receive over 150 spams a day, that has now dropped to about 5.

This was far better than I had hoped for when I joined the service, even a modest reduction would have been fine by me, but a drop like this was amazing.

There have been major inroads in getting the spammers to clean their lists. 6 out of the top 10 ROKSO spammers are complying with the Do Not Intrude Registry already, which is why a vast majority of members have seen their spam rates drop drasticall recently.

Of course there are other spammers who have been a little more resistant to the change, hence the recent attacks on Blue security and its members, but the Blue Frog lives on and may one day make the dream a reality.

(by John 11 May 2006 13:56)



Re: use of filters I do use filters very aggressively. But autodeleting is not practical in most cases (unless the spam properly identifies itself as advertising, instead of having a subject heading like, "Re: our conversation last week).

I have had false positives for filters I considered highly specific because that character string arose randomly in a gif image included in an email, for instance. Friends lists are very helpful, but some of us need to be able to receive email from people who we didn't already email first.

Even more of an issue is ISP level filtering. With Verizon, for instance, even if you don't use the optional spam filters, Verizon is now blocking all traffic from many IP numbers in APNIC and RIPE (including England, apparently!) unless the ISP applies to be whitelisted. Messages sent from those servers are simply blackholed -- neither sender nor recipient knows it didn't get through. And they make it very difficult for an ISP to find out how to get whitelisted, especially considering that English may not be everyone's first language. I have had legitimate messages blocked that were relayed by Web FormMail on a server that happened to be in Asia, though the person sending the message was in the U.S. The massive bandwidth being consumed by spam at the ISP level has led to this type of action. Now AOL want to charge for sending email to their members.

So don't tell us to just accept 80-90% of the traffic on the web being spam because we can filter it. We can't filter it that well without the risk of legitimate mail being blocked.

(by AlphaCentauri 11 May 2006 15:57)


Re: Johns Comment
(I should mention that its not my anology. )

I believe that the companys that are being advertised for via spam, are actually just interested in getting their products sold, and generating revenue. They have left the 'how' up to those who advertise for them, the spammers. The 6 out of 10 companys are (I think) those who don't want to annoy people anymore than neccesary, and besides, email advertising isn't their only option. So of course, the second the recipients complaining get heard, then they have to react. I understand why they haven't taken action before, but I sure understand why they've taken action now and have put some constraints on the spammers.

However, the spammers and companys that are refusing to comply with the do-not-intrude list are most likely sitting in a very different situation. I think that these companys and spammers heavily rely on spamming to thrive There is all sorts of reasons why this may be so. Some of them may be illeagal, some of them may be personal or financial problems, whatever. They have no choice but to retaliate when confronted by BlueFrogs methods. And I think this is the point that Mr Levine is making. If you go after these people, you achieve nothing else than escalate the spam war. These companys have no choice but to fight back, because their entire profir depends on heavy spamming. They will probably do anything to keep it this way. The war decimates blogs, forums and other parts of the internet untill the other is forced to back down because they have used all their resources. So the problem here is that nobody is trying to be a bit flexible. If the spam-advertsiing companys are so afraid of trying to adapt, should BlueSecurity try then? I don't think they're dumb. I think that BlueFrog is an application that has just proven that the concept works. The concept should be given a chance to evolve and become finer tuned, in stead of generalising.

Email advertising is perfectly legit, but I think that theres some key differences between the virtual mails in my inbox, and the reallife mail in my mailbox, that turns emails into spam. Usually you only receive one mail from your local supermarket, or local bank. When you receive spam, its tens or hundreds from the same company. The spam deliberately tried to take on different forms, even if they come from the same company. And besides, its easier to pull of a phishing attempt. I think people would be much more understanding and willing to read email-advertisements, if the advertisers stop thinking that quantity is better than quality. In the end, they simply lack education in advertising.

(by Uwe Matzen 12 May 2006 03:25)


Blue Security Bites the Dust. It's over.
Blue Security is kaput. And they left us all their zombies on the way out. They're so kaput, that the VC's have already scrubbed their sites of any mention of Blue Security and the site is back to resolving to "no servers found". They have literally pulled the plug.

(by Martin Hannigan 17 May 2006 02:09)


Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

 
Name:
Email: you@wherever (required, for confirmation)
Title: (optional)
Comments:
Show my Email address
Save my Name and Email for next time

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
42 days ago

A keen grasp of the obvious
My high security debit card
349 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.