Users who download the free software then provide the year-old California company with their email addresses, which Blue Security adds to its Do-Not-Intrude Registry. In addition, Blue Security creates several more email addresses based on the clients’ information. The idea is to magnify the spammer's target so that Blue Frog can then launch an effective counteroffensive.
When spam arrives, Blue Frog checks it against similar spam that has appeared in the inboxes of other users, then begins a process of attempting to contact the spammers, asking them to download Blue Security’s address-removal compliance tool. If all other methods of contacting the spammer fail, Blue Frog launches a denial-of-service (DoS) attack on the offender's servers.
The DoS attack is a coordinated effort involving each of the computers and associated email accounts that received the spam. It ultimately locates any credit card forms on the spammer's server and fills in all available fields with links to the Blue Frog compliance tool.
The mass effort overwhelms servers, or at least increases the spammer's bandwidth charges, said Blue Security CEO Eran Reshef. Reshef denies that a DoS attack, which is illegal in the United States, is illegal when it is used to prevent spam.
Blue Security regularly releases press stories about the threats posed by spammers and phishers to enterprise and consumer-level web surfers. Its efforts against spammers have had one unsuccessful precedent, however.
A similar spam counteroffensive by Lycos Europe, which flooded spammers’ mailboxes with links to the “Make Love, Not Spam” website, took down a lot of innocent domains due to spammers’ sharing web hosts with non-spamming businesses.
As a result, many ISPs simply banned Lycos Europe.