Welcome to the SecAware blog

I spy with my beady eye ...

2 May 2006

Toast the Blue Frog

Further to our blog entry of April 10th, we received the following spam today:
Hey, You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com). You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally. How do you make it stop? Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again. We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result. By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this. Why are we doing this? Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails. Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity. Just remember one thing when you read this, we didnt do this to you, BlueSecurity did. If BlueSecurity decides to play fair, we will do the same. Just remove yourself from BlueSecurity, and make it easier on you. Sergio Sheldon

Regardless of the veracity of the spammer's claim, regardless of the mechanism of the (alleged) compromise, I for one am not willing to take the risk. Blue Security is toast. Bye bye blue frog.


  1. So, anytime anyone threatens you, your considered response is to fold? That really makes you safe (as in, a safe target for criminals).

    By not being 'willing to take the risk', you guarantee that spamming will continue, and most probably increase. The only way to get spammers to leave you alone is to be part of a community that reports all spam, and increases the cost to the spammers, or those who hire them.

    Their threat is an empty one. If they spam you more, you report more, and, hopefully, they lose more of the bots they depend on. And their costs increase. Their whole business model depends on miniscule costs.

  2. No Roger, that's not the only way to get spammers to leave us alone. There are many other things we can, and indeed do, do. We're certainly not giving up the fight against spammers. I'm just pointing out that Blue Security is not the wonderful solution it once seemed to be.

    Thanks for your input though. I'm glad I'm not the only one reading this blog!!