New spam-fighting technique criticised

Escalating the war on spam, a California company wants to let thousands of users collaborate to disable the Web sites spammers use to sell their wares.

A leading anti-spam advocate, however, criticised Blue Security Inc.'s Blue Frog initiative as being no more than a denial-of-service attack, the technique hackers use to effectively shut down a Web site by overwhelming it with fake traffic.

"It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail.

"Deliberate attacks against people's Web sites are illegal."

Levine recalled a screen saver program that the Web portal Lycos Europe distributed briefly last year. The program was designed to overwhelm sites identified by Lycos as selling products pitched in spam.

Eran Reshef, Blue Security's founder and chief executive, denied any wrongdoing, saying Blue Frog was merely empowering users to collectively make complaints they otherwise would have sent individually.

Here's how the technique works:

• -- When users add e-mail addresses to a "do-not-spam" list, Blue Security creates additional addresses, known as honeypots, designed to do nothing but attract spam.
• -- If a honeypot receives spam, Blue Security tries to warn the spammer. Then it triggers the Blue Frog software on a user's computer to send a complaint automatically.
• -- Thousands complaining at once will knock out a Web site and thus encourage spammers to stop sending e-mail to the "do-not-spam" list.

Reshef acknowledges that the technique only works if enough users -- say, 100,000 -- join. The programme is initially free, but Reshef said Blue Security might eventually charge new users.