Blue Security, which debuted its spam-fighting service last summerand built up a user base of more than 500,000, decided to wave the white flag after its servers were knocked offline by an aggressive denial-of-service (DoS) attack it claimed was launched by a deep-pocket Russian spammer tagged as "PharmaMaster."
May 3, in an attempt to get out the word about the DoS, Blue Security repointed its domain to an unused blog on Six Apart's TypePad blogging service. Within minutes, PharmaMaster attacked the blog with another DoS, which brought down Six Apart and left millions without access to their blogs. Blue Security's domain name service provider, Tucows, was also hit with a DoS and knocked offline for several hours; Tucows going down took thousands of Web sites it hosts with it.
Wednesday, Blue Security said it had to give up because it couldn't sustain the fight against spammers. "Several leading spammers viewed [us] as a strategic threat to their spam business," Eran Reshef, Blue Security chief executive wrote in the message posted to the company's site.
"After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.
"As much as it saddens us, we believe this is the responsible thing to do," said Reshef, who did not respond to an e-mail requesting additional comment. Later Wednesday, a spokesman said that the company would not be making any additional statements beyond the message on its site.
"I'm not surprised that they shut down," said Todd Underwood, chief of operations and security at Manchester, N.H.-based Renesys, an Internet monitoring and routing analysis firm. "People who go after spammers get attacked by spammers."
Underwood added that although Blue Security was doomed to fail, it should have been able to weather these first rounds of attacks. "It was apparent how ill-prepared they were to deal with a DoS attack. They could have lasted a lot longer if they had been prepared."
Reshef admitted as much after the URL redirection brought down TypePad. "It wasn't the best decision to reroute traffic to TypePad," Reshelf said then.
Blue Security's model -- an automated agent sent an opt-out request in a tit-for-tat whenever a user received a spam message -- could only have worked if it accumulated a base large enough that spammers would find it impossible to strike back, Underwood argued.
Its surrender, though regrettable, was the right decision. "It was always clear that they would subject innocent users to attacks. There's simply no way to directly attack spammers that doesn't risk significant collateral damage," Underwood concluded.
Currently, Blue Security's Web site is offline. It's not clear, however, whether the situation is temporary, or if the company has closed the site for good.
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

EPOS
EPOS

Fujifilm
Fujifilm

Dell Technologies
Dell Technologies Storage Learning Center

Mimecast
Mimecast

Comcast
Comcast Business Learning Center

Carbonite
Cloud Storage 360

Application Integration 360

Hitachi Vantara
Hitachi Vantara

Dell Technologies
Dell Technologies Cloud Learning Center

Tenable
Cyber Risk 360

Webroot
Webroot Learning Center

NPD
Industry Trends 360

BlackBerry
BlackBerry Learning Center

Symantec
Symantec Business Security Learning Center

Sherweb
Sherweb

Acer
Remote Workforce 360

APC by Schneider Electric
Digital Services for Edge Learning Center

Channel Chief Showcase

StorageCraft
Disaster Recovery Learning Center

Vertiv
Edge Computing Learning Center

Wasabi
Wasabi

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

Cradlepoint
5g for Business 360

Comm100
Collaboration & Communications 360

Veeam
Veeam

eSentire
Managed Detection and Response 360

Smart 3rd Party
3rd Party Maintenance 360

Sophos
Sophos Cybersecurity Learning Center

Trend Micro
Trend Micro Learning Center

VMware

Dell Technologies
Dell Technologies Server Learning Center
