A recent Associated Press story on Yahoo! uncovers a new solution for recipients of spam to fight back…and beat spammers at their own game.
Blue Security has a solution called Blue Frog that works by using a “do-not-spam” list they call “Do Not Intrude”.
Here’s a quick overview of how it works:
# Users add e-mail addresses to a “do-not-spam” list and Blue Security creates new addresses (“honeypots”) designed to attract and catch spam
# When a honeypot address gets spam Blue Security tries to contact the spammer and then triggers the Blue Frog software on the user’s computer to send a complaint
# If enough people complain it will knock out the spammer’s website and hopefully encourage them to stop sending emails to the “do-not-spam” list.
Simple enough! But fundamentally flawed, I think.
First of all, intentionally crashing someone’s website is actually a denial-of-service attack which is technically illegal. Furthermore, with spammers often being affiliates of reputable websites the site that is attacked may not be the spammer’s site. With automation triggering the complaint by the Blue Frog application you may end up “attacking” eBay or Citibank if you respond to “phishing” spam.
I give Blue Security some points for trying to deal with spam in a different way. However, as ISPs, webmail providers and corporate mail server managers implement the tools available to address spam (e.g. Sender Policy Framework, Sender ID, Authentication, Domain Keys, etc.) you will see less of it. And if we can teach people to not respond to unsolicited email and offers – even if they just want to see what’s on the “other side” – we will make it less lucrative for the spammers. If there was no ROI in spam there would be very few spammers.
If you use email as a marketing tool, educate your recipients on what they can do to reduce spam, starting with just deleting it.