Spamfighters Get A Hold Of Spammers' Incoming Mail
Karin Spaink writes "On July 3 2003, cyberangels.nl was obtained by Spamvrij.nl, a Dutch foundation fighting spam. Previously, the domain was owned by the infamous Cyberangels, who are majorly involved in spamming. Cyberangels felt forced to drop the domain when the ground under their feet got too hot after BBC journalist Andrew Bomford connected Dutch ISP Megaprovider to Cyberangels.
Since the MX-records for cyberangels.nl now point to spamvrij.nl too, they get all Cyberangels' incoming mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of three days? By now, they have a very precise answer: 6305 mails. Spamvrij.nl published an analysis of those mails on its site."
I don't suppose (Score:5, Funny)
Re:I don't suppose (Score:2, Funny)
Re:I don't suppose (Score:2, Funny)
Softly crying wet tears
Of ophidian origin.
Make Money Fast!
I guess... (Score:5, Funny)
Errr...isn't this illegal? (Score:5, Insightful)
Re:Errr...isn't this illegal? (Score:5, Insightful)
If they wanted their email, why did they suddenly drop the domain and run?
Re:Errr...isn't this illegal? (Score:3, Insightful)
Unless there were particularly sensitive contents in the emails, accompanied with the disclaimers a lot of businesses append to emails about if you're not the rightful recipient, you should and shouldn't do X, Y and Z.
Re:Errr...isn't this illegal? (Score:3, Insightful)
To me, your analogy seems more like some apartment landlord sold the property to someone else. And that new owner is going around to
Re:Errr...isn't this illegal? (Score:3, Interesting)
I go along with the 'Current Resident' model for resolving the legalities of this question. My plaintext e-mail is NOT protected by a password, my POP3 mailbox IS so protected. If I want the MAIL itself protected by a password, I should send it encrypted (privacy assured) and signed (authentici
Re:Errr...isn't this illegal? (Score:3, Insightful)
They own the domain.
Yes, but not the email that is sent to the domain.
The owner is the author of each email, and the mail is not intended for them.
I completely fail to see how on earth it could possibly be legal to not only set up the domain to receive mail for all (nonexisting) addresses (knowing you are going to receive far more than just *your* email) but also to publish [cyberangels.nl] said email on a website.
Re:Errr...isn't this illegal? (Score:2, Interesting)
If they wanted private email, they maybe shoulda used something like PGP or something like TLS to authenticate. I would think that spamvrij.nl didn't get access to any private keys or certi
Re:Errr...isn't this illegal? (Score:2)
If they wanted private email, they maybe shoulda used something like PGP or something like TLS to authenticate.
You're being childish here .. The question is about legality of the actions, not if they "could do it", as seems often to be used to justify bad things ..
Re:Errr...isn't this illegal? (Score:2, Funny)
Dear ex-cyberangels, we've received a fair amount of email for you, but as we don't have a forwarding address we've uploaded it to a web site so you can access it at your convenience.
I wouldn't want my email read by others, but then, I'd arrange with my contacts to forward my mail elsewhere, or at least inform them I've moved address.
Re:Errr...isn't this illegal? (Score:2, Interesting)
Ooh! The Open Source bad analogy! Publishing the spammer's email allows a distributed analysis by spam-fighters world-wide. Possibly someone has information about these criminal activities that wouldn't be connected without access to the emails.
I hope that they checked the legality under Dutch law first, so it's probably/hopeful
Re:Errr...isn't this illegal? (Score:2)
Re:Errr...isn't this illegal? (Score:2)
Now, as for the previous owners of Cyberangels (I believe Martin still denies any connection), their rights are murkier and probably
Re:Errr...isn't this illegal? (Score:3, Insightful)
There is no law in any country that affects e-mail with regard to who actually owns it. Your "theory" (at best) is completely without merit. Since these people bought the domain, it is their right to do whatever they want with the incoming mail.
You are horribly wrong. [fplc.edu]
Re:Errr...isn't this illegal? (Score:4, Insightful)
Re:Errr...isn't this illegal? (Score:3, Interesting)
email is considered to be much the same as normal mail by law here, and so the same secrecy/privacy laws apply to it.
so, this could (probably would) be a case where you moved in a house and then received mail that was supposed to go the earlier owner of the house. you are not allowed to read through it and do a complete analysis of the psyche of the previous occupant, even if he was a convicted murderer and got hauled out of the house because of that.
that is why there is so much
Re:Errr...isn't this illegal? (Score:5, Insightful)
I'd go with Immoral more than illegal - since they ARE the registered owners of a domain that was voluntarily dropped, they are technically the "owners" of that mail at this point in time.
Mind you, there's probably a few hundred lawyers out there who were spammed previously who'll defend them if it becomes an issue ;)
Ian
Re:Errr...isn't this illegal? (Score:5, Informative)
Yes, that's fine. (Score:4, Interesting)
But receiving and publishing private correspondence that's destined for someone else is not. When you purchase a domain someone else used, it's NOT the same thing as purchasing their business from them.. it doesn't automatically entitle you to anything.. other than the domain.
Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.
Re:Yes, that's fine. (Score:2, Interesting)
I wonder if cyberangels did this. I suppose not. Care to guess why?
Re:Yes, that's fine. (Score:2, Informative)
But receiving and publishing private correspondence that's destined for someone else is not.
Email is not private correspondence. There is no realistic expectation of privacy with email, as anyone with access to any of the servers, routers, or networks your email traverses is completely within their rights to examine that email. Courts have repeatedly upheld this. How many times do we have to say "email is like a postcard; PGP is like an envelope"?
Re:Errr...isn't this illegal? (Score:5, Insightful)
Re:Errr...isn't this illegal? (Score:2, Interesting)
This is true for *almost* all of the mails. There seems to be one of the two business emails included that they use as evidence [cyberangels.nl].
IANAL, so I don't know if it's illegal, but I think it is difficult to say it's not immoral. One could say that the cause justifies the means...
Re:Errr...isn't this illegal? (Score:2)
If people wanted email to be private they would encrypt it.
And any excuse about them "not knowing how" is about as relevant as people not knowing what an envelope is (or indeed caring)
Re:Errr...isn't this illegal? (Score:3, Insightful)
Who do you think you are, that you can make that decision for the actual mail recipient?
Re:Errr...isn't this illegal? (Score:2, Interesting)
I very much doubt that this could be validly considered illegal in this sense. Immoral...that depends. If you sign up with an ISP and end up with a mail address that used to belong to someone else, it'll be difficult for you to determine which mails are intended for you without reading them.
A solution could be to have a time (e.g. 6 months) during which a domain can't be
I bet the new owners would forward it for them... (Score:2)
Re:Errr...isn't this illegal? (Score:5, Funny)
Re:Hey! (Score:2, Interesting)
On a different subject, Karin Spaink was mentioned to belong to the anti-spam group. She is also the one who won the lawsuit that Scientology started against her for publishing excerpts of their trade secrets on the web.
Re:Errr...isn't this illegal? (Score:2)
Re:Errr...isn't this illegal? (Score:2)
I'm sure there are many people who think it would be a great moral good if all the spammers in the world had their fingers broken...
Hold on... (Score:2, Funny)
Re:Hold on... (Score:2)
I wonder... (Score:2, Funny)
Haha! (Score:3, Funny)
The trolls strike again!
This is Awesome (Score:4, Funny)
limited access (Score:4, Funny)
I guess I'll simply check my mail to see what these spammers are up to today.
Re:limited access (Score:2, Informative)
Not much success there... (Score:5, Funny)
So, lessons to be learnt here if you're a spammer:
1. Give up - it's clearly not worth the effort; or
2. Keep at it - if at first you don't succeed, try again!
Now if only we could somehow get them all to learn lesson 1 instead of lesson 2 then we'd be home and dry.
Re:Not much success there... (Score:5, Insightful)
You know, I was just putting together a response that said this too. Then it dawned on me - of course there weren't any positive responses via email, all the reply addresses on spam are faked anyway.
Sadly, this encouraging count of zero doesn't actually reflect the number of potential respondents to spam. For that, we'd need to know if anyone called any of the telephone or fax numbers they list.
Cheers,
Ian
It is from people setting forwards. (Score:5, Interesting)
if in one day ba@cyberangels receive almost 6000 mails from people who are smart enough to figure that they get bounces because their addresses have been abused by a spammer and who then proceed to redirect those bounces, you can begin to imagine the volume of bounces that spamruns create, of the sheer volume of those spamruns themselves, and of the traffic that spam creates for decent providers.
translated:
This is not from normal bounces, this is from people whose e-mail was abused and set a forward on the bounces to cyber angels, OR (less) from people who had more intelligent bouncers, and bounced to the correct domain.
So this is a very very small percentage of the total e-mail sent.
Re:Not much success there... (Score:2)
Re:Not much success there... (Score:2)
Not in three days. (Score:5, Informative)
They are wrong. Look in the page linked [cyberangels.nl]:
Introduction: 6305 mails in (basically) one day
Re:Not in three days. (Score:3, Insightful)
It kind of depends on how you count the mails
YS
I looked, three days (Score:3, Insightful)
Until now - 06-07-2003, 23:00 GMT+1
Friday was 04-07-2003, 6305 messages received on the 4th of July, the 5th of July and the 6th of July
Bevelander (Score:5, Informative)
Latest news (in Dutch):
http://www.webwereld.nl/nieuws/15564.phtml
Re:Bevelander (Score:5, Informative)
Photo of alleged spammer (Score:2, Funny)
The text says that his teachers predicted he would end up in the gutter. At age 16 he started his own Internet company. "If I end up in the gutter, it will be my gutter!", he defiantly said.
I guess his teachers were right after all...
Re:Photo of alleged spammer (Score:4, Interesting)
He is friends with this guy [theregister.co.uk]. And I mean, good friends. There was a third guy (American) who brought them together. The Fluffi Bunny guy was into serious fraud (hell, I've seen it happen first hand, stolen credit cards used in night clubs in London, heavy drugs, etc.).
I am not surprised that now Bevelander is under the spotlight. He was a criminal two years ago when I met him. He is a criminal now.
Re:Bevelander (Score:2)
I hope he comes to visit me. Would be fun to read on the internet:
Dutch spammer forced to eat printouts of 3500 commercial emails.
Re:Bevelander (Score:3, Interesting)
A couple of years ago (the dot com bubble was still hot), the biggest Dutch tabloid newspaper De Telegraaf carried an article about him, in which he portrayed himself as the Next Big Thing (tm) to happen to the internet, likened himself to Uncle Scrooge, Bill Gates etc.
A couple of days later it turns out his "anonymous venture capitalist" is his rich daddy..
And the big and impressive colour picture of him amidst the 19" racks with servers, routers, storage units, ups's, cables etc
I don't believe these numbers... (Score:5, Interesting)
We received 5880 bounces and forwards
We received 12 spams for @cyberangels
We received 40 attempts to annoy Cyberangels
We received 371 complaints about Cyberangels
We received 2 business mails"
In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars!
I don't either! (Score:3, Interesting)
What I can't believe is that they didn't get more *dictionary* attacks than that, I mean, ba@cyberangels.com should have gotten spammed like crazy with such a short username.
Could it be that since they have so little non-spam-related activity that spambots didn't up the domain?
Re:I don't either! (Score:3, Insightful)
Re:I don't either! (Score:2)
That's what I'm thinking. But I've heard of guys hosting their own domains get hit with dictionary by spammers who I guess are too dumb to check that out. So I do think these guys got lucky on the whole.
Actually, my new theory is that spammers don't spam spammers for the same reason that snakes don't bite lawyers: professional courtesy. ;)
Analysis... (Score:5, Funny)
IF I EVER MEET YOU I WILL KICK YOUR ASS
What astonishes me (Score:5, Interesting)
I had hoped for some accurate stats on the actual response rates to spam. I have heard rumors flying around that they are insanely low, like
Glad to see these spammers were shut down, but we need more insights into the way they operate in order to shut them all down.
Re:What astonishes me (Score:2)
Only 6000? (Score:4, Informative)
Address spoofing. (Score:2, Insightful)
Re:Only 6000? (Score:3, Informative)
Introduction: 6305 mails in (basically) one day
We received 5880 bounces and forwards
We received 12 spams for @cyberangels
We received 40 attempts to annoy Cyberangels
We received 371 complaints about Cyberangels
We received 2 business mails
I'll leave it up to the regular reader to multiply by three
Re:Only 6000? (Score:4, Informative)
The spams were sent using a forged return address. One small Dutch provider got fed up with them, and now forwards all mails to our ripe-contact address.
AFAIK there were no bounces directly to @cyberangels.nl.
Erik Hensema (secretary of the spamvrij.nl foundation).
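The distinction made in the comments above, between a bounce delivered directly and a bounce that the owner of a forged address forwards on, can be checked mechanically. The following Python sketch is an added example, not code from the thread or from spamvrij.nl's analysis; the sample messages, the example domains and the category names are constructed, and the bounce test is a heuristic built on standard DSN markers (RFC 3464 report structure, null return path, MAILER-DAEMON sender).

```python
import email
from collections import Counter
from email import policy

# Constructed sample: a bounce (DSN) for spam that forged victim@isp.example.
DSN = """\
Return-Path: <>
From: MAILER-DAEMON@mx.example.org
To: victim@isp.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.org

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: victim@isp.example
To: nobody@example.org
Subject: constructed spam

Buy now.
--b1--
"""

# Constructed sample: the forged address's owner forwards that bounce onward.
FORWARD = """\
From: abuse@isp.example
To: ripe-contact@spammer.example
Subject: Fwd: bounces for mail we never sent
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: message/rfc822

""" + DSN + "--outer--\n"

# Constructed sample: an ordinary complaint written by a person.
COMPLAINT = "From: someone@example.com\nSubject: stop mailing me\n\nRemove me.\n"

def parse(raw):
    return email.message_from_string(raw, policy=policy.default)

def is_dsn(msg):
    """Heuristic test for a delivery status notification (bounce)."""
    report = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() == "multipart/report" and report == "delivery-status":
        return True  # RFC 3464 report structure
    if str(msg.get("Return-Path", "")).strip() == "<>":
        return True  # null reverse-path, used by bounces
    return "mailer-daemon" in str(msg.get("From", "")).lower()

def attached(msg):
    """Messages carried as message/rfc822 parts directly under msg."""
    return [p.get_payload(0) for p in msg.iter_parts()
            if p.get_content_type() == "message/rfc822"]

def classify(msg):
    """Return (category, From address claimed by the mail that bounced)."""
    if is_dsn(msg):
        dsn, kind = msg, "direct-bounce"
    else:
        dsn = next((m for m in attached(msg) if is_dsn(m)), None)
        kind = "forwarded-bounce" if dsn is not None else "other"
    returned = attached(dsn) if dsn is not None else []
    claimed = (str(returned[0].get("From", "")) or None) if returned else None
    return kind, claimed

def tally(raw_messages):
    """Count categories over a mailbox given as raw message strings."""
    return Counter(classify(parse(r))[0] for r in raw_messages)
```

The second element returned by `classify` is the address the returned mail claimed as its sender, which is how the operator of a catch-all mailbox can see which third parties' addresses were forged.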
Interesting autopsy (Score:5, Insightful)
Re:Interesting autopsy (Score:3, Informative)
Spammers (Score:5, Interesting)
1. Spam me
2. Ignore me if I want to buy their product
3. ???
4. Profit!
The Ol' Gay Porn Tactic (Score:5, Funny)
Yep, it seems that at least two people on the Net know how to fight back, the old "hey, let's sign up the ripe-contact email address for gay porn magazines" routine. Gets 'em every time.
Re:The Ol' Gay Porn Tactic versus 20 Pizzas (Score:2)
Re:The Ol' Gay Porn Tactic (Score:2)
I wonder if there are any legitimate consumers of gay porn email lists, or if they are exclusively used to annoy people?
Only one way to make money for Spammers - steal it (Score:5, Interesting)
Good for them! (Score:5, Interesting)
Taking on spammers and $cientologists. Damn. She's got guts.
Re:Good for them! (Score:5, Interesting)
The Scientologists have sued her some (long) time ago over a copyright issue, and she won. They've sued her again, and that trial is in an extremely weird state -- the judgement keeps getting delayed. Every day when the judgement becomes due (the Dutch courts apparently say in advance when they will have a decision) the court announces that the judgement has been delayed a few or many months, and announces that new date. So far, it has been delayed, I believe, 6 times, and is coming up for a new date very soon -- when it will probably be delayed again.
Go Karin!
thad
Re:Good for them! (Score:5, Funny)
Re:Good for them! (Score:4, Interesting)
There are a number of people who dislike the actions of Co$ and can't stand spammers either. I'll tell you, after being threatened by Co$ [xenu.ca], the threats of a punk spammer seem pretty lame.
Re:Good for them! (Score:3, Informative)
Friends of Mr. Bevelander (Score:5, Interesting)
How do we know this isn't a new spam technique... (Score:2, Funny)
All I want to know is... (Score:4, Funny)
You know you are a sysadmin when... (Score:5, Funny)
Somebody believed that a Cyberangels' dick was too small.
as:
Somebody believed that a Cyberangels' disk was too small.
I was like wtf? Disk too small? Not enough space in the
Then, I re-read the line, and I went:
Oh, THAT thing is too small... =)
A gem... (Score:5, Funny)
Both ba@cyberangels and ripe-contact@cyberangels received some spam:
1. Mr. RASHEED BELLO sent ba@ six Nigerian scams;
2. @yahoo.com.cn spammed four times with something rather illegible;
3. Mr. Ken Titoh was hoping to assist Mr. ERASHEED BELLO;
4. Somebody believed that a Cyberangels' dick was too small
Oh the irony... (Score:2, Funny)
Re:Oh the irony... (Score:3, Interesting)
Funny, 80% of my email is just SPAM (Score:5, Interesting)
BECAUSE of the spammers I did have to pay extra. Long ago went to broadband type connections starting with ISDN (still backup and my only phone lines) to 10Mbit wireless uplink today (sweet). Funny, but I am STILL paying for the bandwidth and SPAM still annoys the hell out of me personally.
So -- to get it under control I baited the spammers (and still do
Me, myself, and my wife -- here's my stats for the entire month of June:
Outbound (work): 60 (1.74%)
Outbound (personal): 49 (1.42%)
Notes to myself: 89 (2.58%)
Inbound to me: 422 (12.24%)
Inbound to the wife: 14 (0.41%)
System messages: 68 (1.97%)
System ERROR codes: 2 (0.06%)
Just TESTING: 7 (0.20%)
SPAM TRAPPED: 2738 (79.39%)
TOTAL EMAILS: 3449
Um, Houston
Too bad, so sad (Score:2)
Summary of the article (in case it's slashdotted) (Score:4, Interesting)
Don't go after the dealer...go after the USER! (Score:3, Interesting)
If that's not possible, couldn't someone just host a database that users could add the name (+address/phone info), url, and offending spam-message to? That way an organized boycott/reverse spam/snailmail campaign could be lodged against those who pay to clog the internet with their muck? I couldn't have been the first person to think of this...perhaps something like this already exists?
Follow the Money (Score:5, Insightful)
Spammers are by no means stupid. Above all things they MUST get their money, otherwise none of this is worth doing.
So if the scammers are getting their money, the credit card companies pay them. If the credit card companies pay them...
[1] We have a breach of trust between the credit card companies and the customers. CC companies are not doing their due diligence in brokering payments for product/services. CC companies are issuing clearance of charges to unscrupulous people. We are entrusting them with our financials (whether we choose to "fraud-notify" them or not). They have all the information, both the consumers and the scammers.
[2] The customers complain they never got their product. Report fraud. The credit card companies remove the charge, investigate it or not. This increases cost/risk for the CC companies. Higher interest rates? More cooking the books?
Why is nobody investigating the money side (IMHO the lifeblood of this business) of this problem? As long as we concentrate on the technology, we'll always be distracted from the real solution. It's all about the money in the end.
Anonymity
+ Privacy, Sharing, Voice
- Scams, Theft, Hit/Run
We asked for it.
Re:Follow the Money (Score:4, Interesting)
I'd like to find a financial institution that will give me a credit/debit card number for which they will reject all transactions, and they immediately relay to me any transaction data that comes in over the banking network. That would be a big help in finding spammers.
Re:Follow the Money (Score:4, Informative)
For Visa and Mastercard at least, there are many parties involved in credit card transactions.
* Cardholders are obvious. You, me, anybody can be a cardholder.
* Issuing banks -- these are the companies who actually issue the card, and who own the account the card is attached to. They are responsible for handing out authorizations (approvals, declines, etc) and for moving money between that cardholder's account and the Visa/Mastercard payment transfer system.
* Associations -- there ain't too many of these. Visa is a payment transfer association. Mastercard is a payment transfer association. These associations have rules and regulations, and they interface with a *vendor* in a technical way, and with issuing banks and acquirers in a business/financial way.
* Vendors -- think communications providers. Yes, I thought it was weird terminology too, but in the credit card processing world a 'vendor' is a communication provider of some kind. Vital Processing Inc, BuyPass, NDC, FDR, ADS/SPS/Vectrix, these companies all provide servers and communication paths that help get businesses and banks communicating and doing transactions. These guys have no *financial* link to any transactions.
* Acquirers, like the company I work for. These companies are responsible for coordinating the technical stuff that gets merchants talking to vendors, *and* for establishing and maintaining the business/financial link between the merchant and the association. Merchants sign a contract with an acquirer, and the acquirer is bound by Visa/MC regs -- so the merchant is bound by visa/mc regs. The acquirer is ultimately responsible for its merchants.
* Merchants. These are businesses that want to accept customer payments via credit card.
OK, enough background and terminology. How anonymous can you be if you accept credit cards? How anonymous is the money that passes through the system?
Not very. Not at all, actually. When a merchant signs up for a "merchant account" with an acquirer, they usually pay a rather hefty application fee. The acquirer knows they will be ultimately responsible for this merchant, so they do their homework and make sure this merchant is a good risk.
Why do acquirers have to be so careful? The "case study" threat model to defend against is: merchant runs advertising campaign, gets hundreds of thousands of dollars in credit card sales. Merchant takes these hundreds of thousands of dollars and "runs for the border", disappearing without a trace. After a while, customers start figuring out they aren't getting their widgets and ask their issuing banks to issue chargebacks. Chargebacks come rolling in; acquirer is now responsible for paying back all of that money. Acquirer will now pass those charges on to the merchant -- oh, damn, wait, they're long gone. Acquirer eats the loss. Ow.
Acquirers fight this in several ways. First, they're very careful about who they take on as merchants. Thorough credit checks, sometimes required examples of products, and high standards. Second, for high risk merchants, an acquirer will sometimes withhold payment for a certain amount of time. If an acquirer believes that most customers would issue chargebacks well within 90 days (even though they have up to 6 months) it can hold onto those funds for 90 days. If the merchant ships the goods it promises, no chargebacks appear, and the merchant gets their money. If the merchant doesn't deliver goods, the acquirer still has the funds on hand so it can pay the chargebacks out of the merchant's own funds.
With all this in mind, I have some problems with the parent post. I don't believe there was a breach of trust -- the system works the way it's supposed to, because of chargebacks.
Issuing banks are supposed to be fairly liberal about who they grant authorizations to. They can return authorization responses in one of three categories: basica
Name of a rose by any other name (Score:3, Interesting)
Stocks have their regulations and their governing bodies. Banks for Direct Debit are ultimately responsible for who is making withdrawals from our checking accounts. Paypal must eventually disburse payments through something similar.
My point: I'm ready to start pulling all my money out of banks. I've already canceled 2 out of 3 C
Mail from martijn@cyberangels.nl received (Score:5, Informative)
So what's the big deal? (Score:3, Interesting)
Signal to noise ratio of 1/6304
So how is this different to anyone's email these days?
A more appropriate domain name (Score:2)
Been there, done that (Score:5, Interesting)
Shutting the spammer down took about a month, but ultimately was successful. I got their 24 porno sites, two fake billing sites, and a few other related sites kicked off ISPs from Sao Paulo, Brazil to Brooklyn NY to St. Petersburg, Russia, where they actually were. They've been down for months now, and they are staying down. They don't seem to have come back under a different name; searches for their subject matter in Google come up empty.
I had the advantage that I own "Downside" as a registered trademark. This gave me some legal leverage.
One useful tactic was to report phony domain registration info to ICANN. Some domain registrars will then lock the domain against changes until the domain owner provides them with valid ID info. If you do that, and you then get them kicked off an ISP, their domain is locked to an ISP that won't host them, and they can't fix it without disclosing their identity to their registrar.
In this case, the spammer had their own DNS server, so they could quickly move their sites from ISP to ISP. But I managed to get all three of the domains that handled their DNS queries locked, then kicked off ISPs, which took down their entire set of sites.
It turned out that the CEO of their ISP's upstream provider in Russia was somebody I knew from the 1980s, so I was able to get even a Russian ISP to cooperate.
You don't have to sit there and put up with this stuff. You can fight back and win.
The one interesting email... (Score:4, Informative)
They list one email as being particularly interesting [cyberangels.nl], as copied below.
For me, the really intriguing bit is that they talk about "hosting" a lot, so much so that it appears to be a codeword for "spamming". It's a fairly obvious thing to do for someone who makes their money off spam - try to keep a low profile and not discuss their business openly.
Actually (Score:4, Funny)
Re:Actually (Score:2)