"Blue Frog" Software


rlohmann
April 21st, 2006, 06:09 PM
Has anyone tried the "Blue Frog" anti-spam package?

Google recommends it for download and use with gmail. It's supposed to reduce spam. According to the publisher, an entity called "Blue Software," they use reports of spam, reported through their gmail software add-on, to send "opt out" messages to spammers, who, Blue Software apparently believes, truly want to know who doesn't want spam. The spammers, according to Blue, eagerly seek help with the process of deleting the corresponding addresses from their mailing lists. When I pointed out that most spammers offer "opt-out" links in their mailings, links that are generally understood to be nothing more than a mechanism for validating their databases, BF's response was in substance a suggestion that I read their PR release.

I did. I found it unconvincing. It doesn't answer the question of why people who use constructions such as "c1alis" and "pen!s" to circumvent spam filters would want to purge their lists of valid e-mail addresses. The PR notice explains that Blue sends the spammers, who--remember--are eagerly requesting help with this purge, an encrypted address list that, when run, will purge their mailing lists. It insists that the spammers have no way of identifying the specific, valid addresses on the list.

Something's screwy here. Even postulating a certain amount of paranoia on my part, I cannot believe that Sam Spam is looking for help in removing people from his address lists. Further, I cannot credit an assertion that spammers--who have some very good programmers of their own--are incapable of cracking its encrypted "opt-out" list.

Has anyone else looked at this?

Judy G. Russell
April 21st, 2006, 08:20 PM
Has anyone else looked at this?

Nope, but I'm with you. I would beware of anything that sounds like spammers getting religion.

Mike
April 22nd, 2006, 12:34 AM
I'm twice as skeptical as you and Judy put together.

Judy G. Russell
April 22nd, 2006, 07:51 AM
I'm twice as skeptical as you and Judy put together.

And that is saying something indeed!

sidney
April 22nd, 2006, 08:22 AM
Google recommends it for download and use with gmail
[...]
It insists that the spammers have no way of identifying the specific, valid addresses on the list

Do you have a link to where Google recommends Blue Frog for download? Or do you mean a Google search comes up with hits or ads recommending it?

Reading their FAQ, it is kind of true that spammers have no way of identifying the specific valid addresses on the list, but that statement is quite misleading.

Blue Frog has two parts to the opt out procedure.

Part one is that you report spam to them. They have people supposedly manually verifying the spam you report, looking up any web sites in URLs advertised in the spam, and figuring out the proper links to post a complaint to those web sites. This hooks in to your installation of Blue Frog in some way so that your browser follows a script that posts a complaint to the web site, once for every spam you report. The complaint does not say what your email address is, so the spam website can't remove your name from a list if they had one, but also can't add your name to a list. Instead the complaint tells them to contact Blue Security. The web site owner, receiving a ton of complaints from the form on their web site, and naturally having to read every one of them personally, follows the instructions in the complaints and contacts Blue Security to arrange to use their Do Not Intrude Registry. Of course they will do that because every web site owner pays attention to the complaint form on their website so they can be better at selling C!al1s and Hot! Teen! Action! to their customers. Assuming that the spam contains a URL, and that the web site has a complaint form. I haven't visited enough porn or g3n3r1c v!@gra sites lately to know how common it is for them to have feedback or complaint forms.

That brings us to Part Two. The web site owner, discovering that the result of hiring the Russian Mafia to distribute 10 million emails through thousands of virus infected home spambots is that they receive thousands of automated complaint forms from Blue Frog customers, naturally contacts Blue Security and finds out about their Do Not Intrude Registry which can stop the complaints. Blue Security sends them a copy of the Registry, which I guess they send to the Russian Mafia demanding that it be used with their spambot software to filter their mailing list if the R.M. wants to keep that web site owner as a customer. The Do Not Intrude Registry does not contain actual email addresses. Instead, Blue Security takes the email addresses, adds a bunch of fake email addresses and spamtrap addresses, then converts each email address into a 128 bit number using what is called a hash function. Presumably they use MD5, which is the best known 128 bit cryptographic hash function. They then chop off the last 98 bits of the hash, resulting in a 30 bit number for each email address. Then they throw in a bunch of random 30 bit numbers, just for good measure. The resulting combined list of 30 bit numbers is what is sent to the spammer website owner to be sent on to the Russian Mafia spam mail service. There really is no way to recreate the original list of email addresses from that mess.

The Russian Mafia runs their mailing list through the Blue Security software which computes a 30 bit number from each email address and sees if that number is in the Registry list. If it is, either the email address is that of a Blue Frog customer, or else it's a red herring. Either way, RM will not send spam to the address because they don't want to upset the web site owner who is, after all, their customer, and the web site owner is so upset by the flood of Blue Frog generated complaints posted to the web site complaint form.

So next time you see spam that advertises a web site, don't just delete the spam. Visit the web site and use any available feedback form to post a complaint. And not just any complaint, but one that will convince the web site owner to insist on their rights as a customer of the spam mail service to have the spam sent only to confirmed opt-in addresses that want to receive the ads and so will more likely buy from the web site.

This will definitely make a big dent in the amount of spam in the world. :p :p :p


By the way, a little more seriously, one of the most effective filter rules in SpamAssassin has turned out to be the one that identifies the web sites in URL links in an email and looks up the domain name in an online database of sites that are known to advertise via spam. The database is compiled from reports made to SpamCop and some other services. So the idea of reporting spam to someone who will keep track of the web sites that spams advertise, and doing something based on that tracking of web sites, is a good idea. But asking the web site owner to remove your name from their lists is one of the poorer suggestions.

-- sidney
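
The registry construction described in the post above, as an added example that is not part of the original post and is not Blue Security's code. It assumes MD5 (the post only presumes it), lower-cased addresses, and constructed `example.*` addresses and decoy counts; it shows that scrubbing is a membership test on 30-bit values, and that a match cannot distinguish a member from a decoy, a random filler value or a chance collision.

```python
import hashlib
import random

HASH_BITS = 128   # MD5 output size; the post only presumes MD5 is the hash used
KEEP_BITS = 30    # what is left after the last 98 bits are chopped off

def short_hash(address: str) -> int:
    """Hash an address to 128 bits, then drop the last 98 bits."""
    # Stripping and lower-casing is an assumption; the post does not describe normalisation.
    digest = hashlib.md5(address.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (HASH_BITS - KEEP_BITS)

def build_registry(members, decoys, n_random, rng):
    """Mix real members, fake/spamtrap addresses and random 30-bit values."""
    values = {short_hash(a) for a in members}
    values |= {short_hash(a) for a in decoys}
    values |= {rng.getrandbits(KEEP_BITS) for _ in range(n_random)}
    return values

def scrub(mailing_list, registry):
    """Return the addresses that stay on the list (no match in the registry)."""
    return [a for a in mailing_list if short_hash(a) not in registry]

def chance_match_rate(registry):
    """Share of all 30-bit values in the registry: odds an unrelated address matches."""
    return len(registry) / 2 ** KEEP_BITS

# Constructed sample data (reserved example.* domains, not real addresses).
MEMBERS = ["alice@example.com", "bob@example.org"]
DECOYS = ["trap-01@example.net", "fake-77@example.net"]
MAILING_LIST = ["alice@example.com", "Bob@Example.org",
                "trap-01@example.net", "carol@example.com"]

def demo():
    registry = build_registry(MEMBERS, DECOYS, n_random=1000, rng=random.Random(2006))
    return registry, scrub(MAILING_LIST, registry)

if __name__ == "__main__":
    registry, kept = demo()
    print("registry entries:", len(registry))
    print("kept after scrub:", kept)
    print("chance match rate: %.2e" % chance_match_rate(registry))
```

The chance match rate grows with the size of the registry, so the more entries it holds, the more unrelated addresses are dropped from a scrubbed list by collision alone.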

rlohmann
April 22nd, 2006, 07:00 PM
Do you have a link to where Google recommends Blue Frog for download? Or do you mean a Google search comes up with hits or ads recommending it?

It was a link to Blue Software on the gmail in-box page.

Part one is that you report spam to them. They have people supposedly manually verifying the spam you report

Given the sheer volume of spam, I find that difficult to believe.

... looking up any web sites in URLs advertised in the spam, and figuring out the proper links to post a complaint to those web sites. This hooks in to your installation of Blue Frog in some way so that your browser follows a script that posts a complaint to the web site, once for every spam you report. The complaint does not say what your email address is, so the spam website can't remove your name from a list if they had one, but also can't add your name to a list. Instead the complaint tells them to contact Blue Security. The web site owner, receiving a ton of complaints from the form on their web site, and naturally having to read every one of them personally...

Why does he have to read them personally?

... follows the instructions in the complaints and contacts Blue Security to arrange to use their Do Not Intrude Registry. Of course they will do that because every web site owner pays attention to the complaint form on their website so they can be better at selling C!al1s and Hot! Teen! Action! to their customers.

Is there supposed to be a ":)" in here somewhere?

That brings us to Part Two. The web site owner, discovering that the result of hiring the Russian Mafia to distribute 10 million emails through thousands of virus infected home spambots is that they receive thousands of automated complaint forms from Blue Frog customers, naturally contacts Blue Security and finds out about their Do Not Intrude Registry which can stop the complaints.

Again, assuming you're typing with a straight face, why do the spammers care who complains? They may be mildly annoyed at not having any valid addresses attached to the complaint, but they have "delete" keys on their computers, too.

[Discussion of hash tables] The resulting combined list of 30 bit numbers is what is sent to the spammer website owner to be sent on to the Russian Mafia spam mail service. There really is no way to recreate the original list of email addresses from that mess.

I still don't understand why the Fake-Viagra King has an incentive to do this.

Anyway, although I've now gained a dim understanding of the workings of the Registry, I am still mystified at the idea that a spammer wants to know who doesn't want spam.

sidney
April 22nd, 2006, 07:24 PM
Is there supposed to be a ":)" in here somewhere?

Yes, insert a :) everywhere you expressed a lack of understanding as to why it would work that way ... You did understand me perfectly. The strange thing is that the Blue Frog people could present this with a straight face. The fallacies include 1) much spam does not include URLs to websites; 2) if the spam is advertising a web site, there is no reason for the owner to even have a form for opting out of their spam mailings or for complaints or feedback; 3) if Blue Frog is at all successful there is no way they can manually identify spamvertised web sites and the complaint link for each and prepare a script to automate filing a complaint to the particular form used by each; 4) if a spamvertised web site does have a customer feedback or request form they have no reason to not simply delete complaints about spam; 5) even if they cared a tiny bit, they have no control over who the spam mailing service they hired (who may very well be connected to the Russian Mafia) actually sends spam to; 6) the spam mailing services get paid to send X million emails, not to send X million emails to valid addresses of people who have not indicated that they don't want spam. Their customers pay for the results they get and don't care how much wasted email is used to get the results. The spam mailing service has no reason to conserve bandwidth when they are using botnets of infected machines to do the actual work.

Here are the missing smileys from my last post:

:) :) :) :) :) :)

-- sidney

rlohmann
April 23rd, 2006, 04:28 PM
<exhaling shakily>

Thank you. :)