Spamfighters Get A Hold Of Spammers' Incoming Mail
Karin Spaink writes "On July 3 2003, cyberangels.nl was obtained by Spamvrij.nl, a Dutch foundation fighting spam. Previously, the domain was owned by the infamous Cyberangels, who are majorly involved in spamming. Cyberangels felt forced to drop the domain when the ground under their feet got too hot after BBC journalist Andrew Bomford connected Dutch ISP Megaprovider to Cyberangels.
Since the MX-records for cyberangels.nl now point to spamvrij.nl too, they get all Cyberangels' incoming mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of three days? By now, they have a very precise answer: 6305 mails. Spamvrij.nl published an analysis of those mails on its site."
...what kind of mail does a major spammer receive in the course of three days? By now, we have a very precise answer: 6305 mails.
They are wrong. Look in the page linked:
Introduction: 6305 mails in (basically) one day
"...a generation of kids has grown up thinking Trance is the shittiest music since country and western." - Paul van Dyk
It's all about a young guy called Martijn Bevelander, there is a lot of press now here in Holland because the net is closing around him. Hope he gets banned from the Dutch Internet provider group and his company stops.
Latest news (in Dutch):
http://www.webwereld.nl/nieuws/15564.phtml
RTFA. They didn't hijack the domain, they re-registered it when cyberangels de-registered it. They bought and paid for a domain that the previous owner no longer wanted.
6000 emails in 3 days? That doesn't sound like nearly enough for a serious spammer. I had a web server compromised by a spammer last year and I received more than 6000 bounce-backs in less than three days before I found the hole and patched it up. It seems to me like a professional spammer would have several servers at several IPs and get way more spam than that. Especially when you include complaint email.
Sigs are out of style, so I'm not going to use one...oh wait..
The "1 other" e-mail is up on the website, and it is interesting indeed. It is addressed to a person by the name of Martijn. Could this be the same Martijn Bevelander who denies having anything to do with CyberAngels? Investigation by NLIP (Dutch service provider association) into the operations of Mr Bevelander is pending...
This sig is just as redundant as the rest of this posting
Try this. It's a symlink on the same box
I'm not a complete idiot... Some parts are missing.
Karin Spaink has been battling Co$, Spammers and MS (the disease, not the company) for years. It's nothing short of amazing how she just keeps going.
Actually, we had one already - which is analysed at http://www.cyberangels.nl/evidence/mailmartijn.html, and only now two new mails arrived. Check the mail analysis page for updates.
I write, therefore I am:
http://www.spaink.net/
She's going after the largest pseudo scientific religious money making scam artists. No doubt the pr0n industry is part of the equation. Spam is one of their biggest products. Just hope organised crime does not get her first.
I know organised crime does not exist anymore, according to TV reports. Joe Blow America does not care who or even know who is running the show.
I did not change my sig for this post so it is a little weird... sorry
OH THE SHAME I fell off the wagon and use sigs again!
But receiving and publishing private correspondence that's destined for someone else is not.
Email is not private correspondence. There is no realistic expectation of privacy with email, as anyone with access to any of the servers, routers, or networks your email traverses is completely within their rights to examine that email. Courts have repeatedly upheld this. How many times do we have to say "email is like a postcard; PGP is like an envelope"?
Pascalstraat 17
2014KZ Haarlem
(The Netherlands)
Tel.023-5101094
Fax.023-5441982
If you want to give him a call (for example, to explain your appreciation for that penis extension), remember that the country code for the Netherlands is 31.
This is a company address, so you won't actually disturb his neighbours or his cat or something.
They list one email as being particularly interesting, as copied below.
For me, the really intriguing bit is that they talk about "hosting" a lot, so much so that it appears to be a codeword for "spamming". It's a fairly obvious thing to do for someone who makes their money off spam - try to keep a low profile and not discuss their business openly.
I'm going to illuminate a dark spot in your argument, because I work for a major credit card processor.
For Visa and Mastercard at least, there are many parties involved in credit card transactions.
* Cardholders are obvious. You, me, anybody can be a cardholder.
* Issuing banks -- these are the companies who actually issue the card, and who own the account the card is attached to. They are responsible for handing out authorizations (approvals, declines, etc) and for moving money between that cardholder's account and the Visa/Mastercard payment transfer system.
* Associations -- there ain't too many of these. Visa is a payment transfer association. Mastercard is a payment transfer association. These associations have rules and regulations, and they interface with a *vendor* in a technical way, and with issuing banks and acquirers in a business/financial way.
* Vendors -- think communications providers. Yes, I thought it was weird terminology too, but in the credit card processing world a 'vendor' is a communication provider of some kind. Vital Processing Inc, BuyPass, NDC, FDR, ADS/SPS/Vectrix, these companies all provide servers and communication paths that help get businesses and banks communicating and doing transactions. These guys have no *financial* link to any transactions.
* Acquirers, like the company I work for. These companies are responsible for coordinating the technical stuff that gets merchants talking to vendors, *and* for establishing and maintaining the business/financial link between the merchant and the association. Merchants sign a contract with an acquirer, and the acquirer is bound by Visa/MC regs -- so the merchant is bound by visa/mc regs. The acquirer is ultimately responsible for its merchants.
* Merchants. These are businesses that want to accept customer payments via credit card.
OK, enough background and terminology. How anonymous can you be if you accept credit cards? How anonymous is the money that passes through the system?
Not very. Not at all, actually. When a merchant signs up for a "merchant account" with an acquirer, they usually pay a rather hefty application fee. The acquirer knows they will be ultimately responsible for this merchant, so they do their homework and make sure this merchant is a good risk.
Why do acquirers have to be so careful? The "case study" threat model to defend against is: merchant runs advertising campaign, gets hundreds of thousands of dollars in credit card sales. Merchant takes these hundreds of thousands of dollars and "runs for the border", disappearing without a trace. After a while, customers start figuring out they aren't getting their widgets and ask their issuing banks to issue chargebacks. Chargebacks come rolling in; acquirer is now responsible for paying back all of that money. Acquirer will now pass those charges on to the merchant -- oh, damn, wait, they're long gone. Acquirer eats the loss. Ow.
Acquirers fight this in several ways. First, they're very careful about who they take on as merchants. Thorough credit checks, sometimes required examples of products, and high standards. Second, for high risk merchants, an acquirer will sometimes withhold payment for a certain amount of time. If an acquirer believes that most customers would issue chargebacks well within 90 days (even though they have up to 6 months) it can hold onto those funds for 90 days. If the merchant ships the goods it promises, no chargebacks appear, and the merchant gets their money. If the merchant doesn't deliver goods, the acquirer still has the funds on hand so it can pay the chargebacks out of the merchant's own funds.
With all this in mind, I have some problems with the parent post. I don't believe there was a breach of trust -- the system works the way it's supposed to, because of chargebacks.
Issuing banks are supposed to be fairly liberal about who they grant authorizations to. They can return authorization responses in one of three categories: basica