Spammers turn on anti-spam vigilantes

An effort to force spammers to stop soliciting certain e-mail addresses went bad on Monday, after at least one spammer began sending large volumes of unsolicited e-mail to members of a "Do Not Spam" list run by Israeli firm Blue Security.

In recent days, e-mail users who had registered for Blue Security's "Do Not Intrude" list have instead been the target of a spam campaign and received extortion e-mail messages threatening to continue the campaigns unless the users remove their name from the Do Not Intrude registry, according to CEO Eran Reshef. 

The message claims that Blue Security is "not playing fair," and that members can only avoid spam messages by removing their name from the Blue Security list.

"You are receiving this email because you are a member of Blue Security," the message reads, in part. "Due to the tactics used by Blue Security, you will end up receiving this message, or other nonsensical spams 20-40 times more than you would normally."

Blue Security launched its "Do Not Intrude" list in November, 2005. The company claims to have 500,000 registered e-mail addresses in its database, and business relationships with other anti-spam firms.

The Do Not Intrude program allows individuals to register an e-mail address with Blue Security and tracks spam messages with desktop client software known as "Blue Frog." When spam e-mail is sent to a Do Not Intrude Member, Blue Security traces the message to its origin, and then bombards the Web site behind the campaign, known as the "sponsor," with requests to remove the e-mail message from his or her distribution lists. Millions of e-mail messages translate into millions of "opt out" requests, bogging down the spammers' servers.

The spam campaign is a sign of Blue Security's success and an act of frustration by a major spammer based in Russia, Reshef said.

"It's one of the top spammers. We're not sure which one at this point, but six of the top ten are complying with (Blue Security), so it's one of the remaining four," Reshef said.

Blue Security's growth in recent months has forced major spam operations in Russia accounting for around 25 percent of the 4.5 million e-mails Blue Security receives each week to stop sending to Blue Security members, Reshef claims.

"We've reached an inflection point," Reshef said.

Reshef claims that the spam campaign did not reach all Blue Security's Do Not Intrude members. Contrary to some reports, the Do Not Intrude database was not breached and members' e-mails are not at risk.

Instead, one spammer compared the scrubbed and actual e-mail list to derive the addresses of Do Not Intrude members, and then began targeting them, Reshef said.

An attack also took Blue Security's Web page offline in the past two days, which Reshef believes is related to the spam campaign against Do Not Intrude members, although the company is still researching the problem.

Blue Security hopes to have its Web site back up soon and Reshef said it is undeterred by the attack on its members.

"This is a sign that (Do Not Intrude) is working. We've finally created something that spammers actually care about," Reshef said.