Wednesday, May 17, 2006

A sad sad day ...

This just in from Wired magazine. It appears that Blue Security is shutting down operations under pressure from spammers (is there no justice?) ....

Blue Security's Blue Frog antispam tool worked by having customers install a small piece of software in their browsers that they used to report spam. After aggregating the reports, Blue Security would try to contact the spammers, the websites of companies being advertised and their ISPs to try to convince the spammers to clean their lists of e-mail accounts on the company's Do Not Intrude list.

If that did not work, Blue Security would write a custom script that spam recipients could use to send an opt-out request to the advertised website. In practice, that meant that hundreds of thousands of Blue Frog users could attempt to opt out at once. In addition, the software would fill in online order forms with the opt-out request if there was no other way to communicate with a spammer-advertised website.

This tactic, which Blue Security says is legal under the Can-Spam Act, was controversial with spammers and some antispammers alike.

Spammers complained in internet forums that the opt-out requests were simply a denial-of-service attack.

Anne P. Mitchell, president and CEO of the Institute for Spam and Internet Public Policy, is also a vocal critic of Blue Security's tactics who thinks the company was breaking computer crime laws by having its members fill in order forms with opt-out requests.

"Do you think Blue Frog cares if they are knowingly causing customers to break the law of their own home country?" Mitchell asked. "They don't care because they are sitting in Israel."

But Peter Swire, a law professor and former head privacy official for the Clinton administration, looked into the company's operations, found them legitimate and innovative, and signed onto the company's advisory board earlier this year.

"I get one spam e-mail and my computer sends one opt-out request," Swire said. "That is exactly what Can-Spam gives me the right to do."

Swire says he understands why Reshef has decided to shutter the service, because these levels of attacks are too much for a small company to withstand.

But he says the company showed that this tactic can work.

"If little Blue Security can affect 25 percent of spam, then this approach shows great promise if the big boys get involved," Swire said. "If there is a concerted effort by the big ISPs or by the government, the Can-Spam Act provably is the basis for reducing spam."

Eric Benhamou, chairman and CEO of Benhamou Global Ventures and one of Blue Security's lead investors, said he knew going in that Blue Security's task was difficult. Benhamou is not writing off Blue Security, whose technology he says has other uses, but he supports the company's decision to shut down in order to avoid more collateral damage.

"We knew it would get really serious when the adversary was wounded," he said. "There were no surprises on my part. When I first did my due diligence, Eran and Amir (Hirsch) told me clearly that they knew how to build the technology to accomplish this but weren't sure of the overall business proposition. I said that's fine, because I want to explore something that hasn't been done before and before there were only clever filters. This was totally innovative."


Post a Comment

<< Home