Death of the Frog

Two weeks ago, I wrote about Blue Security's Blue Frog service, an incredibly effective method for fighting spam. For each spam message a Blue Frog user receives, Blue Frog sends one opt-out request to the sender of that spam. The end result is that the spammer receives millions of email messages, which probably overloads their network, but that should be an expected cost of doing spam business--people should have a right to opt out anytime they want to.

Blue Security said that since the inception of Blue Frog, six of the top ten spammers had stopped sending spam to Blue Frog users. However, one spammer took serious offense and launched a Denial of Service (DoS) attack against the company that also affected other networks. All the affected networks recovered.

That's the good news--now here's the bad news: Last week, Blue Security announced that it closed down its Blue Frog service. In a message posted to its Web site, the company said that the reason it ceased operation is that "After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.... We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company."

It's true that Blue Frog might have caused spammers to launch continued attacks that might have serious effects on other networks, and Blue Security did seem to be considering others when making its decision to close down the service. But I don't see this decision as being in the best interest of the Internet community, including Blue Security, because the news gets worse.

After Blue Security decided to discontinue Blue Frog, the spammers attacked again! The second DoS attack rendered Blue Security's site inaccessible even though Blue Security made considerable technological efforts to thwart such attacks.

This second attack was probably meant to send another message.The message I take from it is crystal clear but probably isn't what the attackers intended: Kowtowing to spammers isn't the solution.

While closing up shop might seem like a reasonable choice, it's essentially the equivalent of handing your network over to a bunch of black hat intruders who continually break in. It gives the intruders control they don't deserve to have.

I hope Blue Security changes its mind and brings back Blue Frog. If it doesn't, I hope that somebody else takes up where Blue Security left off, and quickly! Fighting back as a group has proved to be incredibly effective, and I'd hate to see momentum lost.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.