Spamfighters Get A Hold Of Spammers' Incoming Mail
Karin Spaink writes "On July 3 2003, cyberangels.nl was obtained by Spamvrij.nl, a Dutch foundation fighting spam. Previously, the domain was owned by the infamous Cyberangels, who are majorly involved in spamming. Cyberangels felt forced to drop the domain when the ground under their feet got too hot after BBC journalist Andrew Bomford connected Dutch ISP Megaprovider to Cyberangels.
Since the MX-records for cyberangels.nl now point to spamvrij.nl too, they get all Cyberangels' incoming mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of three days? By now, they have a very precise answer: 6305 mails. Spamvrij.nl published an analysis of those mails on its site."
"Introduction: 6305 mails in (basically) one day ;-)
We received 5880 bounces and forwards
We received 12 spams for @cyberangels
We received 40 attempts to annoy Cyberangels
We received 371 complaints about Cyberangels
We received 2 business mails"
In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars!
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Is how few emails were for business. I assume this category would include responses to spam. Maybe I do not understand the story, and the CyberAngels people were merely responsible for sending the spam (for other people), and if anyone responded to the offers in the mails it would go to a non-CyberAngels address. Or possibly redirected to a website, where they could make a purchase. Yeah, as I type out my thoughts, the reason for the dearth of business emails becomes clearer.
I had hoped for some accurate stats on the actual response rates to spam. I have heard rumors flying around that they are insanely low, like .0003%, and insanely high (compared with other forms of direct marketing), like 5%. People can argue for one side or another, but I need more evidence than conjecture to begin to understand the problem. If the response rate is already very low, then relatively simple technological solutions would probably suffice to drive them low enough to make spam unprofitable. If the response rate is high, it is going to take a lot of effort to fix this problem, possibly involving a redesign of the email system.
Glad to see these spammers were shut down, but we need more insights into the way they operate in order to shut them all down.
Spammers interest me, I hate them. But I do wonder how much the company buying the spamming service actually gets to earn in the end. For once I contacted a company about their wonderful product, and said I was interested in buying some. My idea was to get hold of a real life person, to send my "I live in a country where it's illegal to spam people, so you guys have broken the law!".. But of course I didn't mention that in the "interested in your products" mail I sent them (on their official sales email from their site).. Now what really makes me confused is that they never wrote anything back.. So..
1. Spam me
2. Ignore me if I want to buy their product
3. ???
4. Profit!
The sheer volume of messages must mean that most spammers are out for only one thing: credit card information. And the best way to get those is to run some scripts to strip out the necessary information. I cannot believe that they can take the time to actually parse out the information by hand, figure out which non-existent product they are selling, and sell anything. 6,000 per day would be 8 seconds per message in a 12-hour day, more or less. I have heard that 40-60 percent of spammers never ship any product, just take a bite out of your credit card and move on. This goes a long way toward confirming that suspicion.
I'm pretty happy about that. According to an article in The Register, one of the board members of spamvrij.nl is Karin Spaink, very likely the same Karin Spaink who has been involved in the battle against $cientology.
Taking on spammers and $cientologists. Damn. She's got guts.
One line blog. I hear that they're called Twitters now.
rtfa:
if in one day ba@cyberangels receives almost 6000 mails from people who are smart enough to figure that they get bounces because their addresses have been abused by a spammer and who then proceed to redirect those bounces, you can begin to imagine the volume of bounces that spamruns create, of the sheer volume of those spamruns themselves, and of the traffic that spam creates for decent providers.
translated:
This is not from normal bounces, this is from people whose e-mail was abused and set a forward on the bounces to cyber angels, OR (less) from people who had more intelligent bouncers, and bounced to the correct domain.
So this is a very very small percentage of the total e-mail sent.
I have my own home domain which was set up shortly after college and used (then) to just keep communicating with distant friends. Back in the day UUCP was how it was done for $15/mo which gave me 3 hours of transfers before I had to start paying extra.
BECAUSE of the spammers I did have to pay extra. Long ago went to broadband type connections starting with ISDN (still backup and my only phone lines) to 10Mbit wireless uplink today (sweet). Funny, but I am STILL paying for the bandwidth and SPAM still annoys the hell out of me personally.
So -- to get it under control I baited the spammers (and still do :). Hundreds of non-existent users to just harvest spam. Any USENET type postings have a good email for about a week (if at all) before harvesting. Hell, I even like to add in users where they attempted "bob@" that didn't exist.
Me, myself, and my wife -- here's my stats for the entire month of June:
Outbound (work): 60 (1.74%)
Outbound (personal): 49 (1.42%)
Notes to myself: 89 (2.58%)
Inbound to me: 422 (12.24%)
Inbound to the wife: 14 (0.41%)
System messages: 68 (1.97%)
System ERROR codes: 2 (0.06%)
Just TESTING: 7 (0.20%)
SPAM TRAPPED: 2738 (79.39%)
TOTAL EMAILS: 3449
Um, Houston... we have a problem.
They didn't hijack the domain.
But receiving and publishing private correspondence that's destined for someone else is not. When you purchase a domain someone else used, it's NOT the same thing as purchasing their business from them.. it doesn't automatically entitle you to anything.. other than the domain.
Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.
I know this guy personally (posting anonymously for obvious reasons). He got the company from his father, as a birthday present.
He is friends with this guy. And I mean, good friends. There was a third guy (American) who brought them together. The Fluffi Bunny guy was into serious fraud (hell, I've seen it happen first hand, stolen credit cards used in night clubs in London, heavy drugs, etc.).
I am not surprised that now Bevelander is under the spotlight. He was a criminal two years ago when I met him. He is a criminal now.
Spamfighter gets hold of spammer's inbox. 99% of it is junk. 1 e-mail is of minor passing interest.
If that's not possible, couldn't someone just host a database that users could add the name (+address/phone info), url, and offending spam-message to? That way an organized boycott/reverse spam/snailmail campaign could be lodged against those who pay to clog the internet with their muck? I couldn't have been the first person to think of this...perhaps something like this already exists?
There is no gravity...the earth just sucks.
I'd like to find a financial institution that will give me a credit/debit card number for which they will reject all transactions, and they immediately relay to me any transaction data that comes in over the banking network. That would be a big help in finding spammers.
Shutting the spammer down took about a month, but ultimately was successful. I got their 24 porno sites, two fake billing sites, and a few other related sites kicked off ISPs from Sao Paulo, Brazil to Brooklyn NY to St. Petersburg, Russia, where they actually were. They've been down for months now, and they are staying down. They don't seem to have come back under a different name; searches for their subject matter in Google come up empty.
I had the advantage that I own "Downside" as a registered trademark. This gave me some legal leverage.
One useful tactic was to report phony domain registration info to ICANN. Some domain registrars will then lock the domain against changes until the domain owner provides them with valid ID info. If you do that, and you then get them kicked off an ISP, their domain is locked to an ISP that won't host them, and they can't fix it without disclosing their identity to their registrar.
In this case, the spammer had their own DNS server, so they could quickly move their sites from ISP to ISP. But I managed to get all three of the domains that handled their DNS queries locked, then kicked off ISPs, which took down their entire set of sites.
It turned out that the CEO of their ISP's upstream provider in Russia was somebody I knew from the 1980s, so I was able to get even a Russian ISP to cooperate.
You don't have to sit there and put up with this stuff. You can fight back and win.
This guy is hilarious.
:) :)
A couple of years ago (the dot com bubble was still hot), the biggest Dutch tabloid newspaper De Telegraaf carried an article about him, in which he portrayed himself as the Next Big Thing (tm) to happen to the internet, likened himself to Uncle Scrooge, Bill Gates etc.
A couple of days later it turns out his "anonymous venture capitalist" is his rich daddy..
And the big and impressive colour picture of him amidst the 19" racks with servers, routers, storage units, ups's, cables etc. was not taken in his company, but was him standing among the gear of his colo company
He was fighting with all of his 50.. oops, 20.. sorry 10, no.. 5 employees, none of whom could program or decently operate a unix system.
In the course of the years his company turned itself into a major slapstick with sysops announcing to peering isps that they were "as of now publicising the following ip-range:
192.168.0.0/16"
(historical!)