Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Spam The Internet

Spamfighters Get A Hold Of Spammers' Incoming Mail 274

Posted by Hemos from the read-the-juicy-bits dept.
Karin Spaink writes "On July 3 2003, cyberangels.nl was obtained by Spamvrij.nl, a Dutch foundation fighting spam. Previously, the domain was owned by the infamous Cyberangels, who are majorly involved in spamming. Cyberangels felt forced to drop the domain when the ground under their feet got too hot after BBC journalist Andrew Bomford connected Dutch ISP Megaprovider to Cyberangels. Since the MX-records for cyberangels.nl now point to spamvrij.nl too, they get all Cyberangels' incoming mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of three days? By now, they have a very precise answer: 6305 mails. Spamvrij.nl published an analysis of those mails on its site."
This discussion has been archived. No new comments can be posted.

Spamfighters Get A Hold Of Spammers' Incoming Mail More

Spamfighters Get A Hold Of Spammers' Incoming Mail

Comments Filter:

  • I don't suppose (Score:5, Funny)

    by AndroidCat ( 229562 ) on Monday July 07, 2003 @09:34AM (#6382401) Homepage
    that they are getting many eCards of sympathy from other spammers? In that business, I would be surprised if they didn't try to sabotage each other now and then.

  • I guess... (Score:5, Funny)

    by fafaforza ( 248976 ) on Monday July 07, 2003 @09:34AM (#6382402)
    These guys are entitled to wear the "I read your email" tshirts.

  • Errr...isn't this illegal? (Score:5, Insightful)

    by PhysicsGenius ( 565228 ) <<moc.oohay> <ta> <rekees_scisyhp>> on Monday July 07, 2003 @09:35AM (#6382406)
    Or at least immoral? I don't think "the end justifies the means" is really a valid defense, especially as there's no "end" in this case. They are just reading someone else's email. And "White hat hacking" doesn't apply either, as that refers to people who are asked to break in to a computer to test it, not vigilantes like our own Fyodor [slashdot.org], who use their skills to merely harass people that annoy them.

    • Re:Errr...isn't this illegal? (Score:5, Insightful)

      by AndroidCat ( 229562 ) on Monday July 07, 2003 @09:40AM (#6382430) Homepage
      They own the domain. There is possibly an analogy with getting smail for the previous occupant, but it's a very bad analogy. The Post is prepaid and government regulated.

      If they wanted their email, why did they suddenly drop the domain and run?

      • Sending an email is much more like sending a mail thats labled 'The Current Occupier' or some such, rather then a named person at a postal address. They have every right to read it and do what they like with the contents...

        Unless there were particularly sensative contents in the emails, acompanied with the disclaimers a lot of businesses append to emails about if your not the rightful recipient, you should and shouldnt do X, Y and Z.
        • Are you sure email follows the 'Current Resident' labelling? I see it more like a cell phone number. Your email is protected by a password (at some level), so it would be safe to assume nobody else would read it. sure, root@localhost can see it, but in a large networked environment you need to assume root doesnt peek, or you dont send anything sensitive that root may see.

          To me, your analogy seems more like some apartment landlord sold the property to someone else. And that new owner is going around to

          • Are you sure email follows the 'Current Resident' labelling? I see it more like a cell phone number. Your email is protected by a password (at some level), so it would be safe to assume nobody else would read it.

            I go along with the 'Current Resident' model for resolving the legalities of this question. My plaintext e-mail is NOT protected by a password, my POP3 mailbox IS so protected. If I want the MAIL itself protected by a password, I should send it encrypted (privacy assured) and signed (authentici

      • They own the domain.

        Yes, but not the email that is sent to the domain.

        The owner is the author of each email, and the mail is not intended for them.

        I completely fail to see how on earth it could possibly be legal to not only set up the domain to receive mail for all (nonexisting) addresses (knowing you are going to receive far more than just *your* email) but also to publish [cyberangels.nl] said email on a website.

        • email as it exists for the most part today, is like sending a postcard. At least that's the rhetoric behind some of the responses from early spammers: "Well someone with that email address opted in for email. Maybe it was the person who had it before you? Don't you want it?" Nobody had this domain before me, thanks.

          If they wanted private email, they maybe shoulda used something like PGP or something like TLS to authenticate. I would think that spamvrij.nl didn't get access to any private keys or certi


          • If they wanted private email, they maybe shoulda used something like PGP or something like TLS to authenticate.

            You're being childish here .. The question is about legality of the actions, not if they "could do it", as seems often to be used to justify bad things ..

        • I would have thought its a service for the previous owners...
          Dear ex-cyberangels, we've received a fair amount of email for you, but as we don't have a forwarding address we've uploaded it to a web site so you can access it at your convenience.

          I wouldn't want my email read by others, but then, I'd arrange with my contacts to forward my mail elsewhere, or at least inform them I've moved address.
        • How about the Old West justice bad analogy? These people were sending out billions of unsolicited emails. (Possibly pr0n to minors.) Why do they deserve any protection or courtesy?

          Ooh! The Open Source bad analogy! Publishing the spammer's email allows a distributed analysis by spam-fighters world-wide. Possibly someone has information about these criminal activities that wouldn't be connected without access to the emails.

          I hope that they checked the legality under Dutch law first, so it's probably/hopeful

        • not true. the recipient of email has the right to do with that email as they please. The difference between email and postal mails is that postal mail has a name and address. Without the name portion mandated, the address is all that matters.
        • Okay, I'll be serious. The sender of the email does own the copyright on the email. Publishing that email on a website might be a violation of their copyright if they object. Even if the website now has a notice that emails will be published, there was no prior notification of this change and the senders had no expectation that this was so. If anyone minds, let them speak up.

          Now, as for the previous owners of Cyberangels (I believe Martin still denies any connection), their rights are murkier and probably

      • wouldn't matter over here.

        email is considered to be much the same as normal mail by law here, and so the same secrecy/privacy laws apply to it.

        so, this could(probably would) be a case where you moved in a house and then received mail that was supposed to go the earlier owner of the house. you are not allowed to read through it and do a complete analysis of the psyche of the previous occupant, even if he was a convicted murderer and got hauled out of the house because of that.

        that is why there is so much

    • Re:Errr...isn't this illegal? (Score:5, Insightful)

      by bishopi ( 662205 ) on Monday July 07, 2003 @09:41AM (#6382432)
      Or at least immoral?

      I'd go with Immoral more than illegal - since they ARE the registered owners of a domain that was voluntarily dropped, they are technically the "owners" of that mail at this point in time.

      Mind you, there's probably a few hundred lawyers out there who were spammed previously who'll defend them if it becomes an issue ;)

      Ian

    • Re:Errr...isn't this illegal? (Score:5, Informative)

      by ChrisPaget ( 229422 ) on Monday July 07, 2003 @09:42AM (#6382435)
      RTFA. They didn't hijack the domain, they re-registered it when cyberangels de-registered it. They bought and paid for a domain that the previous owner no longer wanted.

      • Yes, that's fine. (Score:4, Interesting)

        by mindstrm ( 20013 ) on Monday July 07, 2003 @10:46AM (#6382807)
        They didn't hijack the domain.

        But receiving and publishing private correspondence that's destined for someone else is not. When you purchase a domain someone els used, it's NOT the same thing as purchasing their business from them.. it doesn't automatically entitle you to anything.. other than the domain.

        Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.

        • Re:Yes, that's fine. (Score:2, Interesting)

          by rvega ( 630035 )
          When I close or stop using an old email account for whatever reason, I send a note to all the people I correspond with, letting them know the new address where I can be reached. After I've done this, I know perfectly well that I won't get emails addressed to my old account, and that, potentially, someone else well.

          I wonder if cyberangels did this. I suppose not. Care to guess why?

        • Re:Yes, that's fine. (Score:2, Informative)

          by Anonymous Coward
          They didn't hijack the domain.

          But receiving and publishing private correspondence that's destined for someone else is not.

          Email is not private correspondance. There is no realistic expectaion of privacy with email, as anyone with access to any of the servers, routers, or networks your email traverses is completely within their rights to examine that email. Courts have repeatedly upheld this. How many times do we have to say "email is like a postcard; PGP is like an envelope"?

    • Re:Errr...isn't this illegal? (Score:5, Insightful)

      by Nfnitloop ( 513924 ) on Monday July 07, 2003 @09:44AM (#6382443)
      If you move into a house somebody just moved out of and receieve their junk mail (which is really all that they're getting here) do you think they're really going to care? It doesn't appear to have any personal emails or anything - just spam for the spammers. The nature of email doesn't put it in an "envelope" - it's synonymous with a postcard. If the postman or the person who received the card at their newly aquired address end's up reading it, big deal. There's no expectation of privacy.
      • <i>It doesn't appear to have any personal emails or anything - just spam for the spammers.</i>
        <br>
        This is true for <i>almost</i> all of the mails. There seems to be one of the two business emails included that they use as <a href="http://www.cyberangels.nl/evidence/mailmart i jn.html">evidence</a>.
        <br><br>
        IANA L, so I don't know if it's illegal, but I think it is difficult to say it's not immoral. One could say that the cause justifies the means...
      • Sounds pretty much right.

        If people wanted email to be private they would encrypt it.

        And any excuse about them "not knowing how" is about as relevant as people not knowing what an envelope is (or indeed caring)

      • "If you move into a house somebody just moved out of and receieve their junk mail (which is really all that they're getting here) do you think they're really going to care?"

        Who do you think you are, that you can make that decision for the actual mail recipient?

    • Re:Errr...isn't this illegal? (Score:2, Interesting)

      by Anonymous Coward
      Well, if the owner of a domain changes, then mails intended for the previous owner will inevitably be mistakenly sent to the new owner.

      I very much doubt that this could be validly considered illegal in this sense. Immoral...that depends. If you sign up with an ISP and end up with a mail address that used to belong to someone else, it'll be difficult for you to determine which mails are intended for you without reading them.

      A solution could be to have a time (e.g. 6 months) during which a domain can't be
    • ...assuming cyberangels provided their *new* domain and email addresses. And I swear, none of us will sign them up for a bunch of granny porn. I swear. Okay, so I lied. ;)

    • Re:Errr...isn't this illegal? (Score:5, Funny)

      by sulli ( 195030 ) * on Monday July 07, 2003 @10:30AM (#6382692) Journal
      A lot of things you wouldn't expect are legal in Holland.
    • When I bought my first domain, I thought it was entirely new, but it turns out it previously belonged to some small tech company in SoCal. I still get maybe 5-10 pieces of ham a week intended for these people, and probably another 60 pieces of spam. Overall not too bad, but its strange because even though I've never figured out what this company did ( and maybe that was their problem too..) I've kind of gotten to know each of the six or so people who had addresses on the domain simply based on the type of m
    • Illegality repends on the privacy law in the Netherlands. I have no idea what things are like there, so it could very well be illegal. As far as morality, that entirely depends on what morals one subscribes to, doesn't it?

      I'm sure there are many people who think it would be a great moral good if all the spammers in the world had their fingers broken...

  • Hold on... (Score:2, Funny)

    by bugsmalli ( 638337 )
    Lemme check my email...OH MY GAWD!!!!!

  • I wonder... (Score:2, Funny)

    by GeckoFood ( 585211 )
    How many of them do you suppose answered the ones for discount Viagra and penis enlargement? Oh, wait, nevermind...

  • Haha! (Score:3, Funny)

    by Gortbusters.org ( 637314 ) on Monday July 07, 2003 @09:37AM (#6382411) Homepage Journal
    2 attempts to subscribe ba@cyberangels to a gay magazine;

    The trolls strike again!

  • This is Awesome (Score:4, Funny)

    by Slack0ff ( 590042 ) <(moc.derob) (ta) (ydarbtam)> on Monday July 07, 2003 @09:38AM (#6382421)
    This is probally one of the best news stories I have seen on /. in a while. I went ahead and sent a link to everyone in my address book. Matter of fact I sent it to them all 3 times and then sent 1 additional message advertising how i made 55 thousand dollars in 2 hours. Now if I only knew these people in my address book.

  • limited access (Score:4, Funny)

    by Anonymous Coward on Monday July 07, 2003 @09:39AM (#6382422)
    Hmm... My employer's domain filter won't let my browse through this one.

    I guess I'll simply check my mail to see what these spammers are up to today.

  • Not much success there... (Score:5, Funny)

    by WIAKywbfatw ( 307557 ) on Monday July 07, 2003 @09:39AM (#6382423) Journal
    6305 incoming emails and not one of them contained an order or anything else positive.

    So, lessons to be learnt here if you're a spammer:

    1. Give up - it's clearly not worth the effort; or
    2. Keep at it - if at first you don't succeed, try again!

    Now if only we could somehow get them all to learn lesson 1 instead of lesson 2 then we'd be home and dry.

    • Re:Not much success there... (Score:5, Insightful)

      by mccalli ( 323026 ) on Monday July 07, 2003 @09:44AM (#6382447) Homepage
      6305 incoming emails and not one of them contained an order or anything else positive.

      You know, I was just putting together a response that said this too. Then it dawned on me - of course there weren't any positive responses via email, all the reply addresses on spam are faked anyway.

      Sadly, this encouraging count of zero doesn't actually reflect the number of potential respondants to spam. For that, we'd need to know if anyone called any of the telephone or fax numbers they list.

      Cheers,
      Ian

      • It is from people setting forwards. (Score:5, Interesting)

        by leuk_he ( 194174 ) on Monday July 07, 2003 @10:20AM (#6382627) Homepage Journal
        rtfa:

        if in one day ba@cyberangels receive almost 6000 mails from people who are smart enough to figure that they get bounces because their addresses have been abused by a spammer and who then proceed to redirect those bounces, you can begin to image the volume of bounces that spamruns create, of the sheer volume of those spamruns themselves, and of the that traffic spam creates for decent providers.

        translated:

        This is not from normal bounces, this is from people whose e-mail was abused and set a forward on the bounces to cyber angels, OR (less) from people who had more intelligent bouncers, and bounced to the correct domain.

        So this is very very small percentage of the total e-mail sent.

      • Sadly, this encouraging count of zero doesn't actually reflect the number of potential respondants to spam. For that, we'd need to know if anyone called any of the telephone or fax numbers they list. ...repeatedly, until the phone bills drive the spam senders out of business.

    • Do you really think the spammers are actually the storefront?

  • Not in three days. (Score:5, Informative)

    by Bilange ( 237074 ) <<moc.liamtoh> <ta> <egnalib>> on Monday July 07, 2003 @09:39AM (#6382424) Journal
    ...what kind of mail does a major spammer receive in the course of three days? By now, we have a very precise answer: 6305 mails.

    They are wrong. Look in the page linked [cyberangels.nl]:

    Introduction: 6305 mails in (basically) one day
    • Until now - 06-07-2003, 23:00 GMT+1 - we have received a grand total of 6305 mails. The oldest is dated Tue, 24 Jun 2003 01:10:17 GMT+1, and the bulk of the mail was sent between 01 July and 04 July 2003.

      It kind of depends on how you count the mails ... received or sent?

      YS
    • Friday morning, when the NL-zonefiles were updated: the MX-records of cyberangels.nl were now pointing to us. (We made a catch-all for all adresses.) The first few hours, literally thousands of mails reached us: 5919 mails, most of them bounces. By now, the avalanche has dwindled to a trickle.

      Until now - 06-07-2003, 23:00 GMT+1 ...

      Friday was 04-07-2003, 6305 messages received on the 4th of July, the 5th of July and the 6th of July ... that looks like more than two days and less than four to me!

  • Bevelander (Score:5, Informative)

    by dapozza- ( 174718 ) on Monday July 07, 2003 @09:40AM (#6382427)
    It's all about a young guy called Martijn Bevelander, there is alot of press now here in Holland because the net is closing around him. Hope he gets banned from the Dutch Internet provider group and his company stops.

    Latest news (in Dutch):

    http://www.webwereld.nl/nieuws/15564.phtml

    • Re:Bevelander (Score:5, Informative)

      by AndroidCat ( 229562 ) on Monday July 07, 2003 @09:51AM (#6382480) Homepage
      Here's a story in The Register [theregister.co.uk] about Martijn Bevelander and this turn of events.

    • Photo of alleged spammer (Score:2, Funny)

      by Anonymous Coward
      Mr. Bevelander was proclaimed to be the "Dutch Bill Gates" [telegraaf.nl] by the Telegraaf, the largest newspaper in the country.

      The text says that his teachers predicted he would end up in the gutter. At age 16 he started his own Internet company. "If I end up in the gutter, it will be my gutter!", he defiantly said.

      I guess his teachers were right after all...

      • Re:Photo of alleged spammer (Score:4, Interesting)

        by Anonymous Coward on Monday July 07, 2003 @11:05AM (#6382931)
        I know this guy personally (posting anonymously for obvious reasons). He got the company from his father, as a birthday present.

        He is friends with this guy [theregister.co.uk]. And I mean, good friends. There was a third guy (American) who brought them together. The Fluffi Bunny guy was into serious fraud (hell, I've seen it happen first hand, stolen credit cards used in night clubs in London, heavy drugs, etc.).

        I am not surprised that now Bevelander is under the spotlight. He was a criminal two years ago when I met him. He is a criminal now.

    • I hope he comes to visit me. Would be fun to read on the internet:

      Dutch spammer forced to eat printouts of 3500 commercial emails.

    • Re:Bevelander (Score:3, Interesting)

      by brrrrrrt ( 628665 )
      This guy is hilarious.

      A couple of years ago (the dot com bubble was still hot), the biggest Dutch tabloid newspaper De Telegraaf carried an article about him, in which he portrayed himself as the Next Big Thing (tm) to happen to the internet, likened himself to Uncle Scrooge, Bill Gates etc.

      A couple of days later it turns out his "anonymous venture capitalist" is his rich daddy.. :)
      And the big and impressive colour picture of him amidst the 19" racks with servers, routers, storage units, ups's, cables etc

  • I don't believe these numbers... (Score:5, Interesting)

    by JaredOfEuropa ( 526365 ) on Monday July 07, 2003 @09:40AM (#6382431) Journal
    "Introduction: 6305 mails in (basically) one day
    We received 5880 bounces and forwards
    We received 12 spams for @cyberangels
    We received 40 attempts to annoy Cyberangels
    We received 371 complaints about Cyberangels
    We received 2 business mails"

    In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars! ;-)

    • I don't either! (Score:3, Interesting)

      by siskbc ( 598067 )
      In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars! ;-)

      What I can't believe is that they didn't get more *dictionary* attacks than that, I mean, ba@cyberangels.com should have gotten spammed like crazy with such a short username.

      Could it be that since they have so little non-spam-related activity that spambots didn't up the domain?

      • It might be that the domain was not a priority for brute force attacks. A brute forcer would probably target a more known and populated domain.
        • It might be that the domain was not a priority for brute force attacks. A brute forcer would probably target a more known and populated domain.

          That's what I'm thinking. But I've heard of guys hosting their own domains get hit with dictionary by spammers who I guess are too dumb to check that out. So I do think these guys got lucky on the whole.

          Actually, my new theory is that spammers don't spam spammers for the same reason that snakes don't bite lawyers: professional courtesy. ;)

  • Analysis... (Score:5, Funny)

    by Anonymous Coward on Monday July 07, 2003 @09:44AM (#6382446)
    I'll be that about 90% of the email is some variation of:

    IF I EVER MEET YOU I WILL KICK YOUR ASS

  • What astonishes me (Score:5, Interesting)

    by Knife_Edge ( 582068 ) on Monday July 07, 2003 @09:45AM (#6382450)
    Is how few emails were for business. I assume this category would include responses to spam. Maybe I do not understand the story, and the CyberAngels people were merely responsible for sending the spam (for other people), and if anyone responded to the offers in the mails it would go to an non-CyberAngels address. Or possibly redirected to a website, where they could make a purchase. Yeah, as I type out my thoughts, the reason for the dearth of business emails becomes clearer.

    I had hoped for some accurate stats on the actual response rates to spam. I have heard rumors flying around that they are insanely low, like .0003%, and insanely high (compared with other forms of direct marketing), like 5%. People can argue for one side or another, but I need more evidence than conjecture to begin to understand the problem. If the response rate is already very low, then relatively simple technological solutions would probably suffice to drive them low enough to make spam unprofitable. If the response rate is high, it is going to take a lot of effort to fix this problem, possibly involving a redesign of the email system.

    Glad to see these spammers were shut down, but we need more insights into the way they operate in order to shut them all down.
    • I guess it would depend on how you classify the "response rate". Is it people reading the email, visiting the website of the product or service being hawked, or just a flat out purchase? I'd say that if you checked all those, it would decrease sharply on that last one.

  • Only 6000? (Score:4, Informative)

    by RealisticWeb.com ( 557454 ) on Monday July 07, 2003 @09:47AM (#6382461) Homepage
    6000 emails in 3 days? That doesn't sound like nearly enough for a serious spammer. I had a web server compromised by a spammer last year and I received more than 6000 bounce-backs in less than three days before I found the hole and patched it up. It seems to me like a professional spammer would have several servers at several IP's and get way more spam than that. Especially when you include complaint email.

    • Address spoofing. (Score:2, Insightful)

      by Anonymous Coward
      Since the header shows a return email address that doesn't belong to the spammer, the bounces go to compromised servers like yours was and people who get sent the spam usually can't figure out who to complain to. There's little reason for a spammer to accept incoming email, so they probably don't have any email addresses on their websites and email harvesters don't send them spam.

    • Re:Only 6000? (Score:3, Informative)

      by snillfisk ( 111062 )
      As others has pointed out, the numbers in the summary is wrong -- and if you had read the article (but hey, this is slashdot) -- you would have seen that quite fast.


      Introduction: 6305 mails in (basically) one day
      We received 5880 bounces and forwards
      We received 12 spams for @cyberangels
      We received 40 attempts to annoy Cyberangels
      We received 371 complaints about Cyberangels
      We received 2 business mails

      I'll leave it up the regular reader to multiply by three :p

    • Re:Only 6000? (Score:4, Informative)

      by Erik Hensema ( 12898 ) on Monday July 07, 2003 @10:53AM (#6382859) Homepage

      The spams were sent using a forged return address. One small Dutch provider got fed up with them, and now forwards all mails to our ripe-contact address.

      AFAIK there were no bounces directly to @cyberangels.nl.

      Erik Hensema (secretary of the spamvrij.nl foundation).

  • Interesting autopsy (Score:5, Insightful)

    by Migraineman ( 632203 ) on Monday July 07, 2003 @09:48AM (#6382465)
    They've done a nice job of analyzing the residual influx of email, while not airing all the dirty laundry. They didn't post a complete session log, so there's no information that may get folks upset. The last business email listed as "1 other" is probably sensitive, and shouldn't be posted on the web (though sending them a "we know who you are" message may make them think twice about using spam in the future.)

    • Re:Interesting autopsy (Score:3, Informative)

      by Fjan11 ( 649654 )
      The "1 other" e-mail is up on the website, and it is interesting indeed. It is addressed to a person by the name of Martijn. Could this be the same Martijn Bevelander who denies having anything to do with CyberAngels? Investigation by NLIP (Dutch service provider association) into the operations of Mr Bevelander is pending...

  • Spammers (Score:5, Interesting)

    by Anonymous Coward on Monday July 07, 2003 @09:51AM (#6382477)
    Spammers intressts me, I hate them. But I do wounder how much the company buying the spamming service actualy to earn in the end. For ones I contacted a company about there wounderful product, and said I was intressed in buying some. My idea was to get hold of a real life person, to send my "I live in a country where its illegal to spam people, so you guys broken the law!".. But ofcourse I didnt mention that on "intressed in your products" mail I sent them (on there official sales email from there site).. Now whats realy make me confused is that they never wrote anything back.. So..

    1. Spam me
    2. Ignore me if I want to buy there product
    3. ???
    4. Profit!

  • The Ol' Gay Porn Tactic (Score:5, Funny)

    by LegendOfLink ( 574790 ) on Monday July 07, 2003 @09:52AM (#6382483) Homepage
    "2 attempts to subscribe ba@cyberangels to a gay magazine;"

    Yep, it seems that at least two people on the Net know how to fight back, the old "hey, let's sign up the ripe-contact email address for gay porn magazines" routine. Gets 'em every time.
    • I imagine it only has something to do with the European location that they didn't get order confirmation requests for hundreds of pizzas too.
    • Yep, it seems that at least two people on the Net know how to fight back, the old "hey, let's sign up the ripe-contact email address for gay porn magazines" routine.

      I wonder if there are any legitimate consumers of gay porn email lists, or if they are exclusively used to annoy people?

      ...on second thoughts, never mind [shudders]...

  • Only one way to make money for Spammers - steal it (Score:5, Interesting)

    by Snaffler ( 311068 ) on Monday July 07, 2003 @09:52AM (#6382494)
    The sheer volume of messages must mean that most spammers are out for only one thing: credit card information. And the best way to get those is to run some scripts to strip out the necessary information. I cannot believe that they can take the time to actually parse out the information by hand, figure out which non-existent product they are selling, and sell anything. 6,000 per day would be 8 seconds per message in a 12-hour day, more or less. I have heard that 40-60 percent of spammers never ship any product, just take a bite out of your credit card and move on. This goes a long way toward confirming that suspicion.

  • Good for them! (Score:5, Interesting)

    by Anonymous Coward on Monday July 07, 2003 @10:03AM (#6382542)
    I'm pretty happy about that. According to an article in The Register, One of the board members [theregister.co.uk] of spamvrij.nl is Karin Spaink, very likely the same Karin Spaink [xs4all.nl] who has been involved in the battle against $cientology.

    Taking on spammers nd $cientologists. Damn. She's got guts.

    • Re:Good for them! (Score:5, Interesting)

      by Thagg ( 9904 ) <thadbeier@gmail.com> on Monday July 07, 2003 @10:37AM (#6382737) Journal
      Indeed, Ms Spaink is one of the most intrepid voices on the 'net. More power to her.

      The Scientologists have sued her some (long) time ago over a copyright issue, and she won. They've sued her again, and that trial is in an extremely weird state -- the judgement keeps getting delayed. Every day when the judgement becomes due (the Dutch courts apparently say in advance when they will have a decision) the court announces that the judgement has been delayed a few or many months, and announce that new date. So far, it has been delayed, I believe, 6 times, and is coming up for a new date very soon -- when it will probably be delayed again.

      Go Karin!

      thad

    • Re:Good for them! (Score:4, Interesting)

      by AndroidCat ( 229562 ) on Monday July 07, 2003 @10:37AM (#6382740) Homepage
      Heh. Take a look at who submitted the story.

      There a number of people who dislike the actions of Co$ and can't stand spammers either. I'll tell you, after being threatened by Co$ [xenu.ca], the threats of a punk spammer seem pretty lame.

    • Re:Good for them! (Score:3, Informative)

      by Yeti7226 ( 473207 )
      Karin Spaink is has been battling Co$, Spammers and MS (the disease, not the company) for years. It's nothing short of amazing how she just keeps going.

  • Friends of Mr. Bevelander (Score:5, Interesting)

    by AndroidCat ( 229562 ) on Monday July 07, 2003 @10:16AM (#6382603) Homepage
    According to this story [theregister.co.uk] he has real nice friends:

    The BBC
    discovered [bbc.co.uk] that Superzonda, a South American spam gang which may have used the Sobig virus to install open proxies on end-users machines, hijacked British Airways' computers without its knowledge to advertise a website called beautifulwomentodate.com (offering Russian brides).
    I recall getting Sobig a few times. Nice people that he hangs with. (Oh if only it were literally true eh? :^)
  • It works so well that even slashdotters are rushing to read spam mail =)

  • All I want to know is... (Score:4, Funny)

    by jpmahala ( 181937 ) on Monday July 07, 2003 @10:23AM (#6382641)
    Did Mr. Joseph Otumba from Nigeria get my response?

  • You know you are a sysadmin when... (Score:5, Funny)

    by Noryungi ( 70322 ) on Monday July 07, 2003 @10:28AM (#6382668) Homepage Journal
    ... like me, you read the following line:

    Somebody believed that a Cyberangels' dick was too small.

    as:

    Somebody believed that a Cyberangels' disk was too small.

    I was like wtf? Disk too small? Not enough space in the /home directory? Swap space problems?

    Then, I re-read the line, and I went:

    Oh, THAT thing is too small... =)

  • A gem... (Score:5, Funny)

    by iworm ( 132527 ) on Monday July 07, 2003 @10:32AM (#6382708)
    Love this part of the analysis:

    Both ba@cyberangels and ripe-contact@cyberangels recieved some spam:

    1. Mr. RASHEED BELLO sent ba@ six Nigerian scams;
    2. @yahoo.com.cn spammed four times with something rather illegible;
    3. Mr. Ken Titoh was hoping to assist Mr. ERASHEED BELLO;
    4. Somebody believed that a Cyberangels' dick was too small
  • That only 12 out of 6305 emails they received were actually spam (i.e., 0.2%)! Actually make that 11; I'd guess a spammer would likely be an opted-in and interested customer as regards penis enlargement.

  • Funny, 80% of my email is just SPAM (Score:5, Interesting)

    by krray ( 605395 ) * on Monday July 07, 2003 @10:38AM (#6382748)
    I have my own home domain which was setup shortly after college and used (then) to just keep communicating with distant friends. Back in the day UUCP was how it was done for $15/mo which gave me 3 hours of transfers before I had to start paying extra.

    BECAUSE of the spammers I did have to pay extra. Long ago went to broadband type connections starting with ISDN (still backup and my only phone lines) to 10Mbit wireless uplink today (sweet). Funny, but I am STILL paying for the bandwidth and SPAM still annoys the hell out of me personally.

    So -- to get it under control I baited the spammers (and still do :). Hundreds of non-existent users to just harvest spam. Any USENET type postings have a good email for about a week (if at all) before harvesting. Hell, I even like to add in users where they attempted "bob@" that didn't exist.

    Me, myself, and my wife -- here's my stats for the entire month of June:

    Outbound (work): 60 (1.74%)
    Outbound (personal): 49 (1.42%)
    Notes to myself: 89 (2.58%)
    Inbound to me: 422 (12.24%)
    Inbound to the wife: 14 (0.41%)
    System messages: 68 (1.97%)
    System ERROR codes: 2 (0.06%)
    Just TESTING: 7 (0.20%)
    SPAM TRAPPED: 2738 (79.39%)

    TOTAL EMAILS: 3449

    Um, Houston ... we have a problem.
  • I was going to say doesn't this go against the rights of the spammers to post their emails, blah blah blah... but then I remembered these were spammers, and in my eyes they have no rights and deserve nothing short of genital mutilation...

  • Summary of the article (in case it's slashdotted) (Score:4, Interesting)

    by jarran ( 91204 ) on Monday July 07, 2003 @11:22AM (#6383037)
    Spamfighter gets holds of spammers inbox. 99% of it is junk. 1 e-mail is of minor passing interest.

  • Don't go after the dealer...go after the USER! (Score:3, Interesting)

    by clmensch ( 92222 ) on Monday July 07, 2003 @11:32AM (#6383128) Homepage Journal
    Why oh why do we expend so much energy attempting to come up with technical and legislative roadblocks to stop the spamming schmucks out there? Wouldn't it be easier to make it illegal to ADVERTISE in that manner? Go after the businesses that pay these jerks.

    If that's not possible, couldn't someone just host a database that users could add the name (+address/phone info), url, and offending spam-message to? That way an organized boycott/reverse spam/snailmail campaign could be lodged against those who pay to clog the internet with their muck? I couldn't have been the first person to think of this...perhaps something like this already exists?

  • Follow the Money (Score:5, Insightful)

    by mobileskimo ( 461008 ) on Monday July 07, 2003 @11:36AM (#6383152) Journal
    I have a question. What occurs to credit cards and payments that scammers receive from their customers?

    Spammers are by no means stupid. Above all things they MUST get their money, otherwise none of this is worth doing.

    So if the scammers are getting their money, the credit card companies pay them. If the credit card companies pay them...

    [1] We have a breach of trust between the credit card companies and the customers. CC companies are not doing their due diligence in brokering payments for product/services. CC companies are issueing clearance of charges to unscrupulous people. We are entrusting them with our financials (whether we choose to "fraud-notify" them or not). They have all the information, both the consumers and the scammers.

    [2] The customers complain they never got their product. Report fraud. The credit card companies remove the charge, investigate it or not. This increases cost/risk for the CC companies. Higher interest rates? More cooking the books?

    Why is nobody investigating the money side (IMHO the lifeblood of this business) of this problem? As long as we concentrate on the technology, we'll always be distracted from the real solution. It's all about the money in the end.

    Anonimity
    + Privacy, Sharing, Voice
    - Scams, Theft, Hit/Run

    We asked for it.

    • Re:Follow the Money (Score:4, Interesting)

      by Animats ( 122034 ) on Monday July 07, 2003 @12:21PM (#6383468) Homepage
      Exactly.

      I'd like to find a financial institution that will give me a credit/debit card number for which they will reject all transactions, and they immediately relay to me any transaction data that comes in over the banking network. That would be a big help in finding spammers.

    • Re:Follow the Money (Score:4, Informative)

      by Michael Spencer Jr. ( 39538 ) * <spamNO@SPAMmspencer.net> on Tuesday July 08, 2003 @03:47AM (#6389251) Homepage
      I'm going to illuminate a dark spot in your argument, because I work for a major credit card processor.

      For Visa and Mastercard at least, there are many parties involved in credit card transactions.

      * Cardholders are obvious. You, me, anybody can be a cardholder.
      * Issuing banks -- these are the companies who actually issue the card, and who own the account the card is attached to. They are responsible for handing out authorizations (approvals, declines, etc) and for moving money between that cardholder's account and the Visa/Mastercard payment transfer system.
      * Associations -- there ain't too many of these. Visa is a payment transfer association. Mastercard is a payment transfer association. These associations have rules and regulations, and they interface with a *vendor* in a technical way, and with issuing banks and acquirers in a business/financial way.
      * Vendors -- think communications providers. Yes, I thought it was weird terminology too, but in the credit card processing world a 'vendor' is a communication provider of some kind. Vital Processing Inc, BuyPass, NDC, FDR, ADS/SPS/Vectrix, these companies all provide servers and communication paths that help get businesses and banks communicating and doing transactions. These guys have no *financial* link to any transactions.
      * Acquirers, like the company I work for. These companies are responsible for coordinating the technical stuff that gets merchants talking to vendors, *and* for establishing and maintaining the business/financial link between the merchant and the association. Merchants sign a contract with an acquirer, and the acquirer is bound by Visa/MC regs -- so the merchant is bound by visa/mc regs. The acquirer is ultimately responsible for its merchants.
      * Merchants. These are businesses that want to accept customer payments via credit card.

      OK, enough background and terminology. How anonymous can you be if you accept credit cards? How anonymous is the money that passes through the system?

      Not very. Not at all, actually. When a merchant signs up for a "merchant account" with an acquirer, they usually pay a rather hefty application fee. The acquirer knows they will be ultimately responsible for this merchant, so they do their homework and make sure this merchant is a good risk.

      Why do acquirers have to be so careful? The "case study" threat model to defend against is: merchant runs advertising campaign, gets hundreds of thousands of dollars in credit card sales. Merchant takes these hundreds of thousands of dollars and "runs for the border", disappearing without a trace. After a while, customers start figuring out they aren't getting their widgets and ask their issuing banks to issue chargebacks. Chargebacks come rolling in; acquirer is now responsible for paying back all of that money. Acquirer will now pass those charges on to the merchant -- oh, damn, wait, they're long gone. Acquirer eats the loss. Ow.

      Acquirers fight this in several ways. First, they're very careful about who they take on as merchants. Thorough credit checks, sometimes required examples of products, and high standards. Second, for high risk merchants, an acquirer will sometimes withhold payment for a certain amount of time. If an acquirer believes that most customers would issue chargebacks well within 90 days (even though they have up to 6 months) it can hold onto those funds for 90 days. If the merchant ships the goods it promises no chargebacks appear, and the merchant gets their money. If the merchant doesn't deliver goods, the acquirer still has the funds on hand so it can pay the chargebacks out of the merchant's own funds.

      With all this in mind, I have some problems with the parent post. I don't believe there was a breach of trust -- the system works the way it's supposed to, because of chargebacks.

      Issuing banks are supposed to be fairly liberal about who they grant authorizations to. They can return authorization responses in one of three categories: basica

  • Mail from martijn@cyberangels.nl recieved (Score:5, Informative)

    by kspaink ( 86885 ) on Monday July 07, 2003 @11:45AM (#6383228) Homepage
    Actually, we had one already - which is analysed at http://www.cyberangels.nl/evidence/mailmartijn.htm l [cyberangels.nl], and only now two news mails arrived. Check the mail analysis page [cyberangels.nl] for updates.

  • So whats the big deal? (Score:3, Interesting)

    by skinfitz ( 564041 ) on Monday July 07, 2003 @12:01PM (#6383319) Journal
    So 6305 mails in total, one of which was a valid email from someone wanting to contact them. [cyberangels.nl]

    Signal to noise ratio of 1/6304

    So how is this different to anyones email these days?
  • for a spammer would be cybera**hole.com

  • Been there, done that (Score:5, Interesting)

    by Animats ( 122034 ) on Monday July 07, 2003 @01:06PM (#6383762) Homepage
    I saw a spammer's incoming mail when a spammer tried to use my "downside.com" domain as a return address. I got about 16,000 e-mails, mostly mail bounces with a few threats and hate mails. (Those last I answered personally.)

    Shutting the spammer down took about a month, but ultimately was successful. I got their 24 porno sites, two fake billing sites, and a few other related sites kicked off ISPs from Sao Paulo, Brazil to Brooklyn NY to St. Petersburg, Russia, where they actually were. They've been down for months now, and they are staying down. They don't seem to have come back under a different name; searches for ther subject matter in Google come up empty.

    I had the advantage that I own "Downside" as a registered trademark. This gave me some legal leverage.

    One useful tactic was to report phony domain registration info to ICANN. Some domain registrars will then lock the domain against changes until the domain owner provides them with valid ID info. If you do that, and you then get them kicked off an ISP, their domain is locked to an ISP that won't host them, and they can't fix it without disclosing their identity to their registrar.

    In this case, the spammer had their own DNS server, so they could quickly move their sites from ISP to ISP. But I managed to get all three of the domains that handled their DNS queries locked, then kicked off ISPs, which took down their entire set of sites.

    It turned out that the CEO of their ISP's upstream provider in Russia was somebody I knew from the 1980s, so I was able to get even a Russian ISP to cooperate.

    You don't have to sit there and put up with this stuff. You can fight back and win.

  • The one interesting email... (Score:4, Informative)

    by indecision ( 21439 ) * on Monday July 07, 2003 @01:55PM (#6384103)

    They list one email as being particularly interesting [cyberangels.nl], as copied below.

    For me, the really intriguing bit is that they talk about "hosting" a lot, so much so that it appears to be a codeword for "spamming". Its a fairly obvious thing to do for someone who makes their money off spam - try to keep a low profile and not discuss their business openly.


    Return-path:

    Date: Fri, 04 Jul 2003 11:30:30 +0100
    Subject: Rick Yazwinski referral
    From: Mark Holyland
    To: martijn@cyberangels.nl

    Hi Martijn

    Rick from Web Krew / Python gave me your contact regarding hosting.

    Can you give me more information as to what hosting you can offer and the costs of your services ?

    I look forward to hearing from you

    Best Regards

    Mark

Slashdot Top Deals

The use of money is all the advantage there is to having money. -- B. Franklin

Close