Exploring real, legal, scalable, and safe ways to stop illegal and unwanted email

External Projects


The Habu Project


More Info

Spam backscatter and joe-jobs



KnujOn Thunderbird Extension

The wakeup call

I was a strong supporter of the Blue Security company's answer to spam - finally, a smart idea that was actually working.  My spam was vanishing rapidly, and instead of wincing each time I saw yet another clever scam (knowing that hundreds of unwitting users were already entering their PayPal passwords, bank ATM PINs, and social security numbers...), I could forward them all on to be processed en masse, much quicker and more efficiently than I could do it by hand.  The appropriate authorities were notified immediately, ISPs were contacted to pull the plug on scam sites, and a generic unsubscribe message was submitted to the advertised website, notifying them once per spam that they needed to clean their lists.

The legal and mostly-legal bulk emailers didn't mind -- they could easily strip their lists of people who weren't potential clients anyway, and avoid trouble with a minimum of effort (major bulk email tools quickly incorporated the Blue Security list cleaning software).  But the scam artists, the phishers, the swiftly spreading branches of organized crime on the internet - they were not pleased.  One in particular attacked Blue Security's webhosts, DNS hosts, clients, and users viciously, demolishing their "achilles heel": a weak business model based on venture capital (conditional on forecasted profits, of course).

In the process, thousands of other websites and services that happened to be caught in the crossfire were crippled or knocked offline during the attack.  Read more about it on the Blue Frog Wikipedia article.

This was my wakeup call.


Suddenly, spam doesn't seem so innocuous

I don't have a lot of free time.  I'm an independant developer with plenty of active projects, and a separate online business that I maintain in the time that's left over.  But all of a sudden I realized that spam is not just a matter of unwanted email that can be (mostly) filtered out with the right software.  Spam is a powerful tool for criminal elements that have the standard enforcement groups baffled and overwhelmed.  Instead of thinking of how spam, phishing, and scams bother me, I started thinking about the long term dangers to all of us, the internet developer community of course (who, it's now clear, stand to lose everything if we get in the way of the wrong spammer!), but also the new internet users coming online every day...  I depend on them for my livelihood.  If we can't stop the rising tide of increasingly convincing phishing emails, scams, and spam, they're going to stop coming online - they'll go back to the solid, dependable storefronts that they can trust, that don't suddenly disappear right after they get a credit card number, that don't flood mailboxes with mail pretending to be something it's not, or is packed with hardcore incest porn.

And of course, now that BlueFrog is gone, my spam level is ramping up... even more than most people, because the spammers continue to use the BlueFrog list for spam reply-to addresses, so I get a lot of spam backscatter... usually just 20-30 a day, but sometimes in the thousands. 

So, what next?

Well, the first thing I did was create a brand-new online identity.  I thought up a nickname, got a gmail account, and set up a website here... where I don't have to register a domain name (which could be tracked back to me) or associate my real name with anything.  Am I being paranoid?  Sure - but if my efforts start to make a real difference in the fight against illegal email, I could easily be the target of a devastating attack.  Now I know what that can mean... and I certainly don't have the resources I'd need to stay in business.  Right now, the "bad guys" are earning so much money, and have so many resources, they can shut down almost anyone.

If enough people get involved, though... that will change.

Currently I'm submitting spam email to the KnujOn project as a beta user, and participating in the Okopipi project developing a replacement for the Blue Frog client that won't have the centralized weak points of the original model.