Spammer Threatens No-Contact List Registrants with More Spam

In what appears to be a glaring example of do-not e-mail registries’ security risks, subscribers to anti-spam concern Blue Security’s “do-not-intrude registry” have begun receiving threatening messages.

Menlo Park, CA-based Blue Security employs a piece of software that visits companies’ Web sites when they are deemed to have sent unsolicted e-mail to one of its subscribers. The software finds complaint or opt-out forms on the companies’ sites, and automatically fills them out and sends them. The idea is that when Blue Security’s subscriber-base becomes large enough, the onslaught of complaints from registrants’ computers will be crippling enough to convince the offending spammers to stop mailing Blue Security subscribers.

Blue Security claims 500,000 registrants.

One spammer has apparently identified e-mail addresses on his own list that are also on Blue Security’s registry, and is threatening the address owners with more spam unless they opt out of Blue Security’s service.

“You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com,” the typo-ridden e-mail begins.

“You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.

“How do you make it stop?

“Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity’s database, if you arent there.. you wont get this again.

“We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.

“By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.”

The incident comes at a time when e-mail marketers are battling the spread of so-called child protection do-not-e-mail registries in the U.S. The registries have been implemented in Utah and Michigan and more states are considering them.

Marketers and the Federal Trade Commission contend that no matter what security steps do-not-e-mail-list operators take, the registries are vulnerable to people with bad intentions who use the list-scrubbing process to extrapolate names.

Blue Security claims the spammer isn’t collecting names from the registry, only identifying names on it that he already has. However, the incident underscores Marketers’ and the FTCs’ warnings on the hazards of no-e-mail lists.