
Blue Security's demise evokes mixed emotions

In this week's Security Blog Log, there's no shortage of opinions on Blue Security's decision to fold after its antispam crusade put its customers at risk.


Security Blog Log

Cruise the blogosphere this week and you'll find no shortage of opinions on Blue Security's decision to fold after its antispam crusade backfired.

The Menlo Park, Calif.-based company announced it would close Wednesday, following a massive denial-of-service attack spammers launched against it a couple of weeks ago in retaliation for its aggressive spam-fighting tactics.

Blue Security had been having its 522,000 users fight back against the spammers by flooding them with simultaneous return e-mails, leading the spammers to counter-attack with the denial of service that crippled numerous other Web sites, including popular blog-host sites TypePad and LiveJournal.

Blue Security CEO Eran Reshef used his company's blog to defend the firm in its battle against spam and explain the decision to close up shop.

"When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the Can Spam Act, we could reduce the amount of spam on the Internet," he wrote. "Over the past few months we were able to leverage the power of the Blue community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users."

About Security Blog Log

Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at


Then an alleged spammer known as PharmaMaster launched a counter-attack two weeks ago -- not just the denial of service, Reshef said, but an email campaign to intimidate members of the Blue community.

"After recovering from the attack, we determined that once we reactivated the Blue community, spammers would resume their attacks," Reshef continued. "We cannot take the responsibility for an ever-escalating cyberwar through our continued operations."

He ended with a promise to develop Blue Security's technology in new directions and somehow use it to give back to the community.

Reaction was mixed throughout the blogosphere.

The Techdirt blog expressed skepticism over Blue Security's spam-fighting tactics and the risks involved. But it still sees the company's decision to close as bad news.

"It certainly will embolden spam attackers to hit hard at anyone who takes them on," the blog said. "In the end, perhaps that was the worst legacy of Blue Security's system. It simply escalated the war with spammers to new, unfortunate, levels."

The response thread to that posting showed the full range of emotions.

Two bloggers lamented that more companies aren't standing up to spammers as Blue Security did, and that one of the big reasons is money.

"Poor Blue Security. [There's] no one else with any backbone to join them?" one blogger asked. "If the infamous pimple-headed teenage hacker geeks want a noble project for their idle hands and minds, why not sic them on the spammers? Now there, perhaps, would be a project worthy of their talents."

Another blogger said, "Blue Security was a very good idea. Unfortunately, some corrupted people at large ISPs and providers were against the idea of having their bribes from the spam mafia taken away. There is no defense against spam when the major Internet providers are all into it as well."

Not all respondents were sympathetic to the antispam firm. One wrote that Blue Security's business model was based on "two stupid and long-discredited ideas" -- responding to abuse with abuse and trying to build an opt-out list. "So I'm quite glad to see them go; there's enough stupidity on the 'net as it is, and we really don't need any more," the blogger wrote.

Blue Security customer CS Shyam Sundar said on his blog that he was taken aback when he first heard of the vendor's demise.

"I was shocked for a moment, but then eventually recovered. They give their own reasons, but in my opinion Blue Security's Blue Frog did a good job. Their service remarkably reduced my spam," Sundar said. "Anyways, this 'PharmaMaster' cannot live for long."

The whole affair shows that those who "screw with a multi-million dollar spam business … get the horns," IT professional Todd Towles wrote in his Technocrat blog. "Welcome to the world we live in."
