This Frog’s Gonna Croak, Too

Call it the stupid anti-spam idea with legs. Except now it’s fittingly stupidly named, as well.

A group of anonymous anti-spam activists last week decided pick up in the spam wars where ill-fated start-up Blue Security left off.

Dubbed Okopipi, the new all-volunteer project is named after a poison dart frog found in South America. The name is also a tribute to Blue Frog, the software Blue Security’s members used in their failed attempt to fight spam coming into their inboxes.

Like Blue Security’s scheme, project Okopipi aims to employ technology that automatically clicks through links in spammers’ e-mails to punish senders when inboxes in the Okopipi network receive spam.

And while the project’s coordinators aim to defend against the types of attacks that smashed Blue Security, project Okopipi—which, let’s be honest, just begs for juvenile mockery: as in “Project Oh Go Pee Pee”— will likely fail, as well.

Here’s a tip: If a project’s name is likely to elicit snickers from fourth graders, it’s not likely to be taken all that seriously.

Moreover, the Internet is littered with the bones of all-volunteer projects that fell apart because participants had bills to pay and, as a result, day jobs that made their projects impossible to run.

“I can tell you, having seen projects like this, that there will be a huge burst for about the first month, then people will get busy and it will all kind of drift away and stop,” said John Levine, author of “Internet for Dummies” and a board member of the Coalition Against Unsolicited Commercial Email. “Even if we grant temporarily that it’s a good idea to do this, finding people to carry through with a project of this scope on a volunteer basis is really hard.”

Still, some are determined not to let Blue Security’s flawed business model die quietly. The Israeli anti-spam company threw in the towel two weeks ago after a series of attacks thought to be from a Russian spammer crippled Blue Security’s site and thousands of others.

The new project’s coordinators aim to run it anonymously and spread its servers across multiple locations so they can fire at spammers, and any attempt to fire back in a manner similar to that which crippled Blue Security would be very difficult.

However, “this is exactly the way the bad guys work,” said Levine. Moreover, the idea behind this project has fatal flaws, as well, he said.

“If the goal is to make people feel like they’re doing something about spam, this looks like it should succeed pretty well. If you’re goal is to get rid of spam, then this is completely irrelevant. … The bad spammers don’t have fixed Web sites for you to attack.”

One lesson project Okopipi participants seem to have taken from Blue Security’s implosion is that do-not-e-mail lists pose dangers to registrants.

Before the Russian spammer brought Blue Security’s site to its knees, he reverse engineered the anti-spam group’s do-not e-mail list to identify names on his list that were also on Blue Security’s no-e-mail registry. He then began sending Blue Security registrants e-mail threatening them with more spam unless they resigned from Blue Security’s service.

Though some of Okopipi’s coordinators are aware of the inherent dangers of do-not e-mail lists, the temptation to use one is still there.

“If we don’t use a DNIR [do-not-intrude registry], how do they know whom to stop sending spam to?” wrote one individual in a discussion group on the project “But if we do use a DNIR, the spammers can use it to attack individuals.”

Elsewhere, a post on Internet security-oriented Web site CastleCops under the heading “Thanking all the Blue Security Members” illustrates the vigilante mentality of many of Blue Security’s misguided supporters:

“You guys at Blue Security have no idea how many Blue Froggers are responding to this in blogs and forums all over the internet,” wrote “John.” “The level of enthusiasm is overwhelming because this is what we’ve been waiting for… a big messy ugly bloody fight. We’re loving this. I’m havin’ a ball.

“This is why we became members… not just to decrease spam in our inboxes but to actually get into the fist fight.”

And there you have it. Okopipi isn’t about spam. It’s about lashing out irresponsibly with little concern over potential collateral damage.

Hopefully, this kindergarten-mentality effort will lose steam as predicted. And in the meantime, we can take comfort knowing that as long as Okopipi’s participants are busy with this go-nowhere project, they aren’t creating havoc elsewhere.