Reading the
PCWorld Article should be just about enough, really.
Here is how Blue Security's Blue Frog software and antispam initiative works: When you sign up for a Blue Frog account, you install a piece of software on your PC and get to submit up to three e-mail addresses to Blue Security's Do-Not-Intrude Registry. The company then opens up multiple e-mail accounts on your behalf--accounts you technically own, but never use. Those e-mail accounts are managed by Blue Security and are designed to attract spam.
For starters, if not against the letter, this is against the intention of the AUP for any company offering free webmail. Then there's what they could possibly mean by "designed to attract spam"... I have some ideas what this implies, how one would put email addresses out there, and I'm not too keen on that, but consider that, if they're doing what the want to do well, they've now quadurpled the amount of unsolicited email that's being sent to "you". That's qaudrupled the amount of network traffic that all the various intervening and innocent service providers have to pass through.
[They check messages received for compliance with CAN-SPAM.]
Blue Security says it will attempt to warn noncompliant spammers to stop sending e-mail to the accounts it has set up for you, as well as to the real e-mail addresses you provided during registration. If Blue Security can't contact the spammer, or the spam doesn't stop, things start getting nasty.
And how will they attempt to contact these companies? Probably by sending email to every email address that might be a source, email to postmaster@ for every domain in the headers or body of the message, and so forth. (Actually, not probably. Definitely. I've gotten some of these from unsolicited email spoofing use of a domain I own.) This generates email to email addresses that are probably not monitored, if they are even valid, and which may very well generate bounce messages, which will then be sent back. In short: it will increase by roughly an order of magntitude the amount of email sent as a result of a single unsolicited email, to and through intervening and innocent service providers.
The getting nasty involves sending bogus responses through a web form. That web form had a unique ID in it, which unique ID is associated with the original unsolicited email, and loading the URL demonstrates to the advertiser that someone read the email and followed the link, even if they didn't proceeed to purchase anything (a soft hit). The advertisers uses the numbers of even soft responses to their advertising campaigns to demonstrate to potential customers that their advertising methods worked. So, Blue Security is also adding to statistics encouraging further unsolicited email.
These people are either massively ignorant of how Internet traffic works, never mind how email headers work and ignorant of how their targets' organizations work, or they're actively bad network citizens. I think that their response to an attack on their network is not to drop the traffic but to redirect it to somebody else's network further demonstrates this point.
You are a fool if you support Blue Security.
