Blue Frog or Toadstool?

18 May, 2006: Important Security Notice to Former Blue Frog Members

Uninstall Your Blue Frog Client Immediately!

While anecdotal, there have been reports that the Blue Frog client can be exploited. True or not, it's pointless to keep the Frog client running. Please adjust your firewall accordingly.


17 May, 2006: Blue Frog Croaks

According to their CEO, it was simply unable to become trapped in a war against a criminal group. "This is something that's really got to be left to governments to decide. To fight the spammers you really need to spend $100m."

In our opinion, they "simply" could not raise sufficient venture capital with a highly suspect financial model, dubious methodology and numbers that didn't make any sense (see text of this article). Indeed, the entire DDoS is curiously suspect as well.

At the end of the day – class act that they were – Blue Frog seems to have discontinued their web site as there is no longer a DNS pointer. One wonders if they even made an effort to contact their subscribers.


14 May, 2006: About that Depressed Froggie

A week has expired since the critical analysis. The intention was to update the statistical calculations this morning. However, the nice folks at Blue Frog seem to have removed that reference page from their web site. Last Monday, I emailed many of the "experts" who provided positive reviews on the web site with a request for counter-point. None have responded.


Blue Security is the company behind the Blue Frog anti-spam software. Blue Security has been in the news of late due to the apparent activities of some spammers to send email to the Blue Frog mailing list and to disable their site with a DDoS attack. That a spammer may have obtained a user list is disturbing enough, but there are some far greater concerns.

Our conclusion is that Blue Security's primary objective is to launch an IPO. Filtering spam is quite secondary to that endeavor.

Reviewing the Numbers:

According to their web site, as of Sunday, May 7, 2006, 11:00 AM EDT, they have 471,266 users with "reported spam" of 4,703,239 over the last seven days. That's 1.4 spams per day per user. Someone receiving one or two spams per day is more likely to click and delete than to seek a software solution that consumes bandwidth and resources. The potential counter-point is likely to be something like "that demonstrates how effective Blue Frog is." You decide which explanation makes more sense: the number of users (which is the key to their future IPO) or a level of efficacy that is grossly inconsistent with what most people experience.

Taking it a step further, we analyzed a random sample of 20 sites¹. These are among the last reported of the "2,027 spam sites reported to other organizations (last 7 days)." Of those 20:

  1. Only five have active web sites.
  2. One of the five does not appear to be a spamvertised site. Suggesting that 74% of the reported sites ceased operation within an average of 3½ days of Blue Frog's action seems highly improbable.
  3. Searching the Usenet newsgroup news.admin.net-abuse.sightings, the last reported activity ranges from September 23, 2005 to April 26, 2006. None of the 20 have "sightings" in May and only four in April.
  4. Therefore, to accept these numbers, one has to embrace the idea that none of the usual "sightings" reporters and honeypots received any spam from any of the 20 in our sample for the last 12 days. On average, the last reported "sighting" to the newsgroups is more than two months ago. Again, this all seems highly improbable and the data simply doesn't make sense.
  5. If the data is correct then it may suggest that Blue Frog subscribers are being targeted.
  6. Blue Security advises members not to visit these sites "as they may contain offensive and/or harmful content."

Reviewing the Methodology:

According to the documents on their website, Blue Security sends one complaint per spam received. "Blue Frog opens an HTTP session with the spamvertised site, visits the site according to the flow of instructions included in the script and posts the opt-out text in forms found on the Web site, such as registration or purchase forms." The opt-out text instructs the spam site to obtain the software to utilize their Do Not Intrude Registry. If 50,000 Blue Frog members receive spam with the same landing page then that site can expect 50,000 forms completed with the opt-out text. Given that registration and order forms typically require a valid credit card, it seems unlikely that Blue Frog can flood the site with form mail. Using the forms seems to be a pretext for flooding the site with unwanted traffic. However, being forthright and simply asserting that Blue Frog fights spam with a distributed denial of service wouldn't look too good in an SEC S-1. Ultimately, Blue Security proposes that we fight abuse with more abuse. Getting down in the same dirt as the spammers seems rather repugnant if not hypocritical.

Spammers tend to be idiot savants. They can be profoundly stupid while extremely adept at protecting their financial interests. A "captcha" ("type in the text from the image") would seem to eliminate any form threat from Blue Security. There are a number of ways to eliminate the flood threat as well but I'm not going to be instructive to spammers.


Related Content: Why Fighting Abuse With Abuse is a Terrible Idea


¹ werewoold.com •  tracer223.com •  ubojestvo.com •  ssl056.com •  softism.net •  shopbestsale.com •  oemmi.com •  neuedownloadableware.com •  lawanawixyu.org •  kamupirai.org •  goblinware.net •  free-candle-drawing.com •  enewworld.com •  dobroware.com •  dihahuvie.net •  saveyourbling.com •  zanaza.com •  jelh.com •  god4poses.com •  vtopkusoft.com