Benjamin Juang (ibneko) wrote,
Benjamin Juang

Okopipi to continue where Blue Security stopped...

I don't recall if I posted about it or not, but there used to be an antispam vendor called Blue Security. Blue Security was based on the idea that users could install software called Blue Frog [wiki link - contains more information about Blue Security, the takedown story, etc.], which would contact Blue Security about each new piece of spam, and then Blue Security would reply with instructions for Blue Frog to contact the spammer (usually by way of links provided, to use the web forms there) once per spam e-mail recieved, on how to remove all Blue Security e-mails from their spam lists.

However, spammers got pissed at all the extra not-information they were being flooded with, and did a massive DDoS attack (distributed denial of service attack) on Blue Security, as well as the company blog, which was hosted on, a subsidiary of Six Apart. (Who runs LiveJournal as well, remember?) This was the cause of that decently long LiveJournal outage some time back.

Essentially, Blue Security withdrew, but since Blue Frog was opensource, people picked it up, named it Okopipi that'll work by using P2P methods to automatically send unsubscribe messages to spammers and/or file reports with the proper authorities.

The problem with this, as several security professionals have noted, is that it's quite vulnerable to spammer attacks and misuages, such as including bogus information in the unsubscribe links that would point to a legit site, which would cause the legit site to be flooded. Also, IP addresses of the users would be exposed. Although, if there was enough people, it'd be really hard to spammers to take down everyone.

Also, there's still central server(s) in use, but the location's kept secret... which, security by obscurity, is never good...

I think, a variable blacklist/whitelist might work... to protect legit sites... Users would get to vote a site up or down, and the more accurate your ratings are, the heavier your vote is... this should keep spammers from making a bot to abuse the voting system.

IP addresses, I think, could be protected if there were enough people...... maybe. Can't think of anything else.

You'll find the okopipi website here:

That frog reminds me of Azureus ^^;;
Tags: anti-spam, news, technology

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded