What's more, a spammer is attempting to intimidate the Blue Security customers by sending them threatening messages, according to the Israeli company, which in July last year.
"It had to happen. We're amazed it's taken so long," said Richi Jennings, an analyst at Ferris Research.
The Do Not Intrude Registry is a list of e-mail addresses that should not be spammed. It's encrypted, so spammers can't extract the actual addresses. Blue Security fights spammers by crippling their Web sites, in the name of its users, with a flood of complaints. About 500,000 people have signed up for the service, Blue Security said.
But it was simple for spammers to get hold of at least some of the e-mail addresses in Blue Security's registry, Jennings said. "A spammer has taken his list and 'cleaned' it against the Blue Security list. He then compared the original list with the cleaned list to figure out which addresses were removed."
It appears spammers are passing around this list of names that purports to be the Blue Security do-not-spam list. "Levels of spam received by members of the Blue Security list have roughly doubled since May 1," Jennings wrote.
The spam troubles are evidence that the Blue Security approach toworks, company CEO Eran Reshef said in the statement. "This is just proof that the Blue Community is an effective deterrent to spammers that are using unethical and illegal tactics to promote their products and services."
The affected Blue Security users were already getting spam, since the spammers had them on a list in the first place. Now they may just be getting a little more. "This isn't a disaster for Blue Security," Jennings said.
"Spammers are feeling the pressure," Reshef said. "This incident is only a futile attempt by a degenerate spammer to fight back through intimidation and extortion."