Antispam advocate succumbs to spammer

Eran Reshef, who asked people to bury spammers simply by replying to spam e-mails, falls victim to mass online attack.

Greg Sandoval Former Staff writer

Greg Sandoval covers media and digital entertainment for CNET News. Based in New York, Sandoval is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.

See full bio

Greg Sandoval

May 18, 2006 5:28 a.m. PT

2 min read

A prominent crusader against unsolicited e-mail ads withdrew from an escalating cyberwar with spammers on Wednesday after his Web site and numerous others came under a massive retaliatory attack.

Blue Security, a company that provided antispam software and was widely praised for orchestrating a kind of do-it-yourself campaign to spam spammers, has "ceased all antispam operations," said Sandra Fathi, a spokeswoman for the company.

The surrender comes after the company's Web site, along with those of many of its partners, were hobbled by a denial-of-service attack earlier this month. The DoS attack, which used thousands of commandeered computers to overload the sites' servers with traffic, is believed to have originated with one Russia-based spammer, Fathi said.

The brazen show of power by the spammer is reflective of the defiant nature of these kinds of rogue advertisers. Almost as old as the Internet, unsolicited e-mail continues to swamp e-mail in-boxes and to clog servers, even as law enforcement agencies and regulatory bodies have tried to stop the practice.

Eran Reshef, Blue Security's CEO, thought he had the answer. He encouraged half a million of the company's customers to send replies to the spam they received. The combined traffic overloaded the spammers' servers and crippled their ability to send e-mails. This resulted in some well-known spam companies agreeing to stop e-mailing Blue Security's customers.

Blue Security's triumph was short-lived. Instead of capitulating, one spammer launched a denial-of-service attack earlier this month. According to security Web site SecurityFocus, the attacks overwhelmed several Web sites and Internet service providers. The spammer then threatened Blue Security.

The company could either shut down or the next attack would include a computer virus.

With innocent companies and Internet users potentially at risk, Reshef had no choice but to yield to the demands, Fathi said.

"The company is unable to fight this battle on its own," Fathi said. "This (spammer) has shown that he's willing to harm hundreds of innocent bystanders...(Reshef) didn't want to take the risk that these other businesses would come under attack."

Blue Security is now trying to determine whether there are other uses for its antispam technology, she said.