Spamming spammers sparks ethics queries

Blue Security puts the "George and Charlie" defense to work

Blue Security's plan to fight spam with spam has gotten me thinking. Blue Security is a startup security firm that's taking the fight against spam to the spammers by enlisting end-users to create a Do Not Intrude Registry and making it painful for junk mailers to operate.

It works like this: If spammers send you spam, you have a right to complain. If the spammers send you one spam, you complain one time. Chances are, however, that they will send you thousands of spam messages, so Blue Security lets you complain a thousand times.

Users can download Blue Security's Blue Frog client and sign up with the Do Not Intrude Registry starting this week. When the software is up and running, users register an e-mail address to monitor for spam. The software analyzes the messages that come into the user's account, and then follows the links to the spammer's site. Blue Frog then finds any kind of contact form to fill out and demands the e-mail address be removed from the spammer's list.

I call this the George-and-Charlie defense, because I did much the same thing to a pair of buddies with the same names. George and Charlie were two friends from my old neighborhood, a Levittown-type area on the edge of downtown Fort Worth, Texas. We played football, baseball, and all those other bucolic childhood activities, along with a few others for which the statute of limitations have run out, I hope.

Like many of us, George and Charlie found adulthood to be somewhat less than the "high school with money and nobody to hassle us" fantasy that many of us had when first venturing out on our own.

In other words, we had to get a job and get money and be responsible; unless, like me, you became a journalist. Then it sort of ended with the "get a job part."

George and Charlie both chose the life insurance route for awhile. One of the first things they teach you in life insurance school is to call on all your old buddies, which is what George and Charlie did. Funny, I never tried to sell them a newspaper subscription or an ad in my newspaper.

Anyway, eventually I got tired of it and so when George called one more time to snap up some of my meager paycheck for a life insurance plan, I told him no. I added, however, that I had run into our old buddy Charlie, and he was asking about life insurance, too. A few days later Charlie called and I told him the same thing about George. I never heard from either again. I assume they're still trying to sell each other life insurance in some never-ending Jean-Paul Sartre play.

That is kind of what Blue Security is trying to do. It's more than happy to be George to the spammer's Charlie. Or vice versa.

Blue Security is hardly the first company to attempt this. Lycos Europe attempted a similar system last year, but dropped the plan when the security community argued that Lycos Europe was engaging in vigilantism and had crossed the line by launching DDoS attacks on spammers' sites.

True enough, probably. On the other hand, I know plenty of users whose computer systems have simply been shut down by all the junk that spammers and zombie systems have loaded on their machines. At some point, someone is going to pull a Howard Beale from "Network" and scream, "I'm as mad as hell and I'm not going to take this anymore!"

That's exactly the target audience, says Maribel Lopez, a security analyst at Forrester, although she put it in more analyst-like language: "Blue Security is looking for passionate users, users who are tired of all the spam and are riled up enough to do something about it," she says.

The big question, Lopez says, is whether Blue Security's plan is ethical and legal. "I think those questions are still unanswered," she adds.

If it's not ethical and legal, then I guess I have to call George and Charlie and apologize. The only problem is, I don't want them to have my phone number.