Spamfighters Get A Hold Of Spammers' Incoming Mail

Karin Spaink writes "On July 3 2003, cyberangels.nl was obtained by Spamvrij.nl, a Dutch foundation fighting spam. Previously, the domain was owned by the infamous Cyberangels, who are majorly involved in spamming. Cyberangels felt forced to drop the domain when the ground under their feet got too hot after BBC journalist Andrew Bomford connected Dutch ISP Megaprovider to Cyberangels. Since the MX-records for cyberangels.nl now point to spamvrij.nl too, they get all Cyberangels' incoming mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of three days? By now, they have a very precise answer: 6305 mails. Spamvrij.nl published an analysis of those mails on its site."

I don't suppose

[AndroidCat]

that they are getting many eCards of sympathy from other spammers? In that business, I would be surprised if they didn't try to sabotage each other now and then.

Re:I don't suppose

[pphrdza]

Contrary to popular belief, spammers do care. Sample sympathy e-card:

Lonely in Cyberspace?
Lost contact?
Find that special person:
[insert favorite spam ad here]

Re:I don't suppose

[AndroidCat]

Hurt by your loss
Softly crying wet tears
Of ophidian origin.
Make Money Fast!

I guess...

[fafaforza]

These guys are entitled to wear the "I read your email" tshirts.

Errr...isn't this illegal?

[PhysicsGenius]

Or at least immoral? I don't think "the end justifies the means" is really a valid defense, especially as there's no "end" in this case. They are just reading someone else's email. And "White hat hacking" doesn't apply either, as that refers to people who are asked to break in to a computer to test it, not vigilantes like our own Fyodor, who use their skills to merely harass people that annoy them.

Re:Errr...isn't this illegal?

[AndroidCat]

They own the domain. There is possibly an analogy with getting smail for the previous occupant, but it's a very bad analogy. The Post is prepaid and government regulated.

If they wanted their email, why did they suddenly drop the domain and run?

Re:Errr...isn't this illegal?

[bishopi]

Or at least immoral?

I'd go with Immoral more than illegal - since they ARE the registered owners of a domain that was voluntarily dropped, they are technically the "owners" of that mail at this point in time.

Mind you, there's probably a few hundred lawyers out there who were spammed previously who'll defend them if it becomes an issue ;)

Ian

Re:Errr...isn't this illegal?

[ChrisPaget]

RTFA. They didn't hijack the domain, they re-registered it when cyberangels de-registered it. They bought and paid for a domain that the previous owner no longer wanted.

Re:Errr...isn't this illegal?

[Nfnitloop]

If you move into a house somebody just moved out of and receieve their junk mail (which is really all that they're getting here) do you think they're really going to care? It doesn't appear to have any personal emails or anything - just spam for the spammers. The nature of email doesn't put it in an "envelope" - it's synonymous with a postcard. If the postman or the person who received the card at their newly aquired address end's up reading it, big deal. There's no expectation of privacy.

Re:Errr...isn't this illegal?

Well, if the owner of a domain changes, then mails intended for the previous owner will inevitably be mistakenly sent to the new owner.

I very much doubt that this could be validly considered illegal in this sense. Immoral...that depends. If you sign up with an ISP and end up with a mail address that used to belong to someone else, it'll be difficult for you to determine which mails are intended for you without reading them.

A solution could be to have a time (e.g. 6 months) during which a domain can't be reassigned after the previous owner has abandoned it, so that potential senders will get their mails appropriately bounced and realize that the address is no longer valid.

Re:Errr...isn't this illegal?

[cast0r]

pf

Re:Errr...isn't this illegal?

[TheDredd]

At least now you can link some people to the spamming. But then again, can somebody paying some company to spam be prosecuted?

Re:Errr...isn't this illegal?

[ClickNMix]

Sending an email is much more like sending a mail thats labled 'The Current Occupier' or some such, rather then a named person at a postal address. They have every right to read it and do what they like with the contents...

Unless there were particularly sensative contents in the emails, acompanied with the disclaimers a lot of businesses append to emails about if your not the rightful recipient, you should and shouldnt do X, Y and Z.

Re:Errr...isn't this illegal?

[sulli]

A lot of things you wouldn't expect are legal in Holland.

Re:Errr...isn't this illegal?

[AftanGustur]

They own the domain.

Yes, but not the email that is sent to the domain.

The owner is the author of each email, and the mail is not intended for them.

I completely fail to see how on earth it could possibly be legal to not only set up the domain to receive mail for all (nonexisting) addresses (knowing you are going to receive far more than just *your* email) but also to publish said email on a website.

Re:Errr...isn't this illegal?

[IsosAvrio]

<i>It doesn't appear to have any personal emails or anything - just spam for the spammers.</i>
<br>
This is true for <i>almost</i> all of the mails. There seems to be one of the two business emails included that they use as <a href="http://www.cyberangels.nl/evidence/mailmarti jn.html">evidence</a>.
<br><br>
IANA L, so I don't know if it's illegal, but I think it is difficult to say it's not immoral. One could say that the cause justifies the means...

Re:Errr...isn't this illegal?

[whaley]

I don't think so. The obvious controversial thing that's somewhat legal (actually, illegal but not actively hunted down) is posession and use of a small amount of cannabis as well as growing some plants for your own use. There have also been (and probably still are) experiments in treating hard drug addicts by supplying them with the drugs in a somewhat controlled way.

And if done carefully, you may publish some of the "Church" of Scientology's trade secrets...

On the other hand, it is actually illegal to kill people even if they are convicted criminals, and carrying guns is quite restricted too.

Actually, I think we (the Dutch) have quite a good legal system even though there's always something to complain about :-)

Re:Errr...isn't this illegal?

[aethera]

When I bought my first domain, I thought it was entirely new, but it turns out it previously belonged to some small tech company in SoCal. I still get maybe 5-10 pieces of ham a week intended for these people, and probably another 60 pieces of spam. Overall not too bad, but its strange because even though I've never figured out what this company did ( and maybe that was their problem too..) I've kind of gotten to know each of the six or so people who had addresses on the domain simply based on the type of mail they receive. If I ever found out who these people were, I'd probably forward the mail to them just to be nice, but they seem to have dropped of the face of the planet.

Re:Errr...isn't this illegal?

[uityup]

I'd think this would fall under abandoned property. They didn't want it anymore and someone came and picked it up.

If they were really concerned with the privacy of their email, they should have sent nice forward notes to everyone they've ever spammed to let them know they moved.

Re:Errr...isn't this illegal?

[Redman]

email as it exists for the most part today, is like sending a postcard. At least that's the rhetoric behind some of the responses from early spammers: "Well someone with that email address opted in for email. Maybe it was the person who had it before you? Don't you want it?" Nobody had this domain before me, thanks.

If they wanted private email, they maybe shoulda used something like PGP or something like TLS to authenticate. I would think that spamvrij.nl didn't get access to any private keys or certificates.

RM

Re:Errr...isn't this illegal?

[Carrot007]

Sounds pretty much right.

If people wanted email to be private they would encrypt it.

And any excuse about them "not knowing how" is about as relevant as people not knowing what an envelope is (or indeed caring)

Re:Errr...isn't this illegal?

[AftanGustur]

If they wanted private email, they maybe shoulda used something like PGP or something like TLS to authenticate.

You're being childish here .. The question is about legality of the actions, not if they "could do it", as seems often to be used to justify bad things ..

Re:Errr...isn't this illegal?

[gl4ss]

wouldn't matter over here.

email is considered to be much the same as normal mail by law here, and so the same secrecy/privacy laws apply to it.

so, this could(probably would) be a case where you moved in a house and then received mail that was supposed to go the earlier owner of the house. you are not allowed to read through it and do a complete analysis of the psyche of the previous occupant, even if he was a convicted murderer and got hauled out of the house because of that.

that is why there is so much flaming and fury when there's those "employer reads employee emails", because here email(if it is somehow 'protected', with password and what not, meaning that if the employee is under the impression that it is _personal_) is considered just as private as if the employee left a closed letter on his/her desk with his/her name on it, and it would be VERY illeagal for the employer to open it and check whats inside, even if it was companys letter... few heads have rolled because people tried to get information on who made a leak to the press from a tele company over here, undoubtly the leaker used the company owned phone, probably even a company paid gsm subscription. yet, it's enough to send people to jail for just sniffing in the logs who called who.

a letter would be a letter even if it wasn't sent by the gov regulated system(and, internet is prepaid and gov. regulated by the way).

'here' is Finland, and undoubtly many, many other places, where privacy and freedom prevails, if stumbling at times..

Re:Errr...isn't this illegal?

[gbjbaanb]

I would have thought its a service for the previous owners...
Dear ex-cyberangels, we've received a fair amount of email for you, but as we don't have a forwarding address we've uploaded it to a web site so you can access it at your convenience.

I wouldn't want my email read by others, but then, I'd arrange with my contacts to forward my mail elsewhere, or at least inform them I've moved address.

Re:Errr...isn't this illegal?

[EvilAlien]

Illegality repends on the privacy law in the Netherlands. I have no idea what things are like there, so it could very well be illegal. As far as morality, that entirely depends on what morals one subscribes to, doesn't it?

I'm sure there are many people who think it would be a great moral good if all the spammers in the world had their fingers broken...

Re:Errr...isn't this illegal?

[AftanGustur]

There is no law in any country that affects e-mail with regard to who actually owns it. You're "theory" (at best) is completely without merit. Since these people bought the domain, it is their right to do whatever they want with the incoming mail.

You are horribly wrong.

Re:Errr...isn't this illegal?

[geekee]

"If you move into a house somebody just moved out of and receieve their junk mail (which is really all that they're getting here) do you think they're really going to care?"

Who do you think you are, that you can make that decision for the actual mail recipient?

Re:Errr...isn't this illegal?

[AndroidCat]

How about the Old West justice bad analogy? These people were sending out billions of unsolicited emails. (Possibly pr0n to minors.) Why do they deserve any protection or courtesy?

Ooh! The Open Source bad analogy! Publishing the spammer's email allows a distributed analysis by spam-fighters world-wide. Possibly someone has information about these criminal activities that wouldn't be connected without access to the emails.

I hope that they checked the legality under Dutch law first, so it's probably/hopefully legal. As to if it was morally wrong or not, I'm still undecided. (Not that I'm not laughing my ass off over it. :^)

Re:Errr...isn't this illegal?

[intermodal]

not true. the recipient of email has the right to do with that email as they please. The difference between email and postal mails is that postal mail has a name and address. Without the name portion mandated, the address is all that matters.

Re:Errr...isn't this illegal?

[Petter3]

US laws still don't apply outside the US. Well, most of them don't. Not yet, anyway.

Re:Errr...isn't this illegal?

[AndroidCat]

Okay, I'll be serious. The sender of the email does own the copyright on the email. Publishing that email on a website might be a violation of their copyright if they object. Even if the website now has a notice that emails will be published, there was no prior notification of this change and the senders had no expectation that this was so. If anyone minds, let them speak up.

Now, as for the previous owners of Cyberangels (I believe Martin still denies any connection), their rights are murkier and probably depend on national laws. There I won't even claim to know what they might be. Of course, if Cyberangels is linked to criminal activity, we might not be hearing from anyone claiming to be the previous owner for a long time. (Hopefully 5 to 10 or so.)

As I said, I'm undecided about the moral question. After all these bad analogies (smail, postcard, etc), my take is that email is like an elephant. And an elephant is soft and mushy. (Kliban ref.)

Re:Errr...isn't this illegal?

[thisgooroo]

get the domain, set up accounts with the ids of previous members and reroute the mail to your mailbox, and you are the legitimate recipient

if you want a particular person to read it rather than anybody who happens to have access to the email account the email is directed to, you better arrange some extra security (like GnuPG or PGP

Re:Errr...isn't this illegal?

[sulli]

I didn't say it was a bad thing.

Re:Errr...isn't this illegal?

[spencerogden]

I don't think it is childish. Sending email is like sending a postcard it that the contents of that email are easily readable by every computer system that touches the email. Its not like you have to own the domain to read mail sent to it, it just makes it easier.

If you want a letter to be private you put it in an envelope (encrypt it), if you want to verify that you sent the letter you sign, etc.

Re:Errr...isn't this illegal?

[thisgooroo]

technically, email gets sent to whoever holds the account the email is directed to. if the sender mistakenly believes this to be a particular person, it is his problem. the equivalent in snail mail would be a letter addressed to "occupant of ..."

Re:Errr...isn't this illegal?

[Noofus]

Are you sure email follows the 'Current Resident' labelling? I see it more like a cell phone number. Your email is protected by a password (at some level), so it would be safe to assume nobody else would read it. sure, root@localhost can see it, but in a large networked environment you need to assume root doesnt peek, or you dont send anything sensitive that root may see.

To me, your analogy seems more like some apartment landlord sold the property to someone else. And that new owner is going around to all the mail slots and opening them to see whats inside, in case something interesting arrives even after the original tenant was evicted.

Re:Errr...isn't this illegal?

[Trolling4Dollars]

And you may as well crawl under one... ;P

Re:Errr...isn't this illegal?

[jonadab]

I don't want their fingers broken. I just want their internet service
revoked and their keyboards confiscated, that's all. They can then be
offered nice productive jobs that don't involve access to the net,
and we'll all be happy :-)

Re:Errr...isn't this illegal?

[Thuktun]

I completely fail to see how on earth it could possibly be legal to not only set up the domain to receive mail for all (nonexisting) addresses (knowing you are going to receive far more than just *your* email) but also to publish said email on a website.

Ignoring the ethics of posting the emails to their website, how could domains possibly be transferred between owners without this issue cropping up? I mean, would you have them spam the world, announcing the domain transfer and asking people not to send sensitive information that they don't want read by someone else? By the time an autoresponder responds, the email has already been received, and a domain holder has no indication whether the inbound email was intended for them or the previous holders of the domain.

Re:Errr...isn't this illegal?

[kavau]

It doesn't appear to have any personal emails or anything - just spam for the spammers

But they discovered (and published!) at least one personal email!

Re:Errr...isn't this illegal?

[pe1chl]

No, that is not a correct representation.

A lot of things are illegal in Holland, but nobody ever bothers to do something about it.
You may know about cannabis posession. It isn't legal but no policeman or judge will bother.

What they did here is certainly illegal. However, they will most likely get away with it.
Even when the original owners of the domain speak up, they will most likely only hear that cases like this are not a priority of the legal system.

(the priorities of the legal system are very unclear. there is a definite bias towards cases that yield a good income, like putting up a camouflaged speed trap on a motorway behind a "30km because of roadworks" sign, or towing away cars from places where it not allowed to park them. finding and locking away the thief of your bicycle or laptop isn't a priority. hence, plain citizens are a victim but criminals rarely are)

Re:Errr...isn't this illegal?

[ninewands]

Are you sure email follows the 'Current Resident' labelling? I see it more like a cell phone number. Your email is protected by a password (at some level), so it would be safe to assume nobody else would read it.

I go along with the 'Current Resident' model for resolving the legalities of this question. My plaintext e-mail is NOT protected by a password, my POP3 mailbox IS so protected. If I want the MAIL itself protected by a password, I should send it encrypted (privacy assured) and signed (authenticity assured).

BTW, IAAL

Re:Errr...isn't this illegal?

[way2trivial]

so the ISP/domain that supplys your net access is sold, in the space of 2 hours

are you saying the new owners can read all the email to you? as they now own the domain?

Re:Errr...isn't this illegal?

[Kiffer]

I'd think this would fall under abandoned property. They didn't want it anymore and someone came and picked it up.

what about theft by finding? or is that not counted as a crime where you are?
it's not a crime that jumps to mind. i know but its still a crime here.
If I loose $100 in my house when I move out and you move in, if you keep it, you stole it.
If you find it in the street and keep it, you stole it.
keeping that which is lost but not abbandoned is stealing, but how do you tell the differance?
In this case I'd say it was abbandoned, but I forgot to renew my domain and someone snapped it up and read my mail ... that would be stealing ... both of the domain and of the mail.

often its a hard call, is something abbandoned or lost ... normaly I presume money is lost and cheap things a abbandoned this makes things easyer ... if any one asks about the things I hand them over... if no one comes looking then they where abbandoned... sort of works with money to but its harder to justify.

Re:Errr...isn't this illegal?

[instarx]

US laws apply in the UK if you are a US citizen. A US citizen who breaks a US law in another country where that activity is legal CAN be prosecuted in the US for the act. This policy was originally applied in response to people who would travel to Asian countries to have sex with children, but it applies pretty much across the board.

Re:Errr...isn't this illegal?

[AftanGustur]

US laws still don't apply outside the US. Well, most of them don't. Not yet, anyway.

Well, there is also the Berne Convention with 131 member countries ..

Re:Errr...isn't this illegal?

[Gyske]

1 big but. This all takes place in The Netherlands were US law has no ground. But we do have similar laws and quite strict privacy protection laws. The aforementioned e-mail has now been removed, probably because of the privacy laws. I am a firm believer in that the everybody should live under the same laws. But this company has not really respected our privacy and it is a bit ironic that now they appeal to the privacy laws.

Hold on...

[bugsmalli]

Lemme check my email...OH MY GAWD!!!!!

Re:Hold on...

[TrekkieGod]

Yes. I also quite suprised when I noticed I didn't have any spam today.

I wonder...

[GeckoFood]

How many of them do you suppose answered the ones for discount Viagra and penis enlargement? Oh, wait, nevermind...

Haha!

[Gortbusters.org]

2 attempts to subscribe ba@cyberangels to a gay magazine;

The trolls strike again!

This is Awesome

[Slack0ff]

This is probally one of the best news stories I have seen on /. in a while. I went ahead and sent a link to everyone in my address book. Matter of fact I sent it to them all 3 times and then sent 1 additional message advertising how i made 55 thousand dollars in 2 hours. Now if I only knew these people in my address book.

limited access

Hmm... My employer's domain filter won't let my browse through this one.

I guess I'll simply check my mail to see what these spammers are up to today.

Re:limited access

[sabri]

Try this. It's a symlink on the same box

Not much success there...

[WIAKywbfatw]

6305 incoming emails and not one of them contained an order or anything else positive.

So, lessons to be learnt here if you're a spammer:

1. Give up - it's clearly not worth the effort; or
2. Keep at it - if at first you don't succeed, try again!

Now if only we could somehow get them all to learn lesson 1 instead of lesson 2 then we'd be home and dry.

Re:Not much success there...

[mccalli]

6305 incoming emails and not one of them contained an order or anything else positive.

You know, I was just putting together a response that said this too. Then it dawned on me - of course there weren't any positive responses via email, all the reply addresses on spam are faked anyway.

Sadly, this encouraging count of zero doesn't actually reflect the number of potential respondants to spam. For that, we'd need to know if anyone called any of the telephone or fax numbers they list.

Cheers,
Ian

Re:Not much success there...

[UberChuckie]

There was an 'other' entry in the business section. :)

Re:Not much success there...

[/dev/trash]

Do you really think the spammers are actually the storefront?

Re:Not much success there...

[haystor]

Cuando Omni Flunkus, Moritati

Re:Not much success there...

[poot_rootbeer]

Sadly, this encouraging count of zero doesn't actually reflect the number of potential respondants to spam. For that, we'd need to know if anyone called any of the telephone or fax numbers they list. ...repeatedly, until the phone bills drive the spam senders out of business.

Re:Not much success there...

[madprof]

Since when has ringing someone added to their own phone bill?

Not in three days.

[Bilange]

...what kind of mail does a major spammer receive in the course of three days? By now, we have a very precise answer: 6305 mails.

They are wrong. Look in the page linked:

Introduction: 6305 mails in (basically) one day

Re:Not in three days.

[Yosemite+Sue]

Until now - 06-07-2003, 23:00 GMT+1 - we have received a grand total of 6305 mails. The oldest is dated Tue, 24 Jun 2003 01:10:17 GMT+1, and the bulk of the mail was sent between 01 July and 04 July 2003.

It kind of depends on how you count the mails ... received or sent?

YS

Bevelander

[dapozza-]

It's all about a young guy called Martijn Bevelander, there is alot of press now here in Holland because the net is closing around him. Hope he gets banned from the Dutch Internet provider group and his company stops.

Latest news (in Dutch):

http://www.webwereld.nl/nieuws/15564.phtml

Re:Bevelander

[AndroidCat]

Here's a story in The Register about Martijn Bevelander and this turn of events.

Re:Bevelander

[dapozza-]

check this about Martijn FotoFuckFriday @ retecool.com

Re:Bevelander

[Dark+Lord+Seth]

I hope he comes to visit me. Would be fun to read on the internet:

Dutch spammer forced to eat printouts of 3500 commercial emails.

Re:Bevelander

[brrrrrrt]

This guy is hilarious.

A couple of years ago (the dot com bubble was still hot), the biggest Dutch tabloid newspaper De Telegraaf carried an article about him, in which he portrayed himself as the Next Big Thing (tm) to happen to the internet, likened himself to Uncle Scrooge, Bill Gates etc.

A couple of days later it turns out his "anonymous venture capitalist" is his rich daddy.. :)
And the big and impressive colour picture of him amidst the 19" racks with servers, routers, storage units, ups's, cables etc. was not taken in his company, but was him standing among the gear of his colo company :)
He was fighting with all of his 50.. oops, 20.. sorry 10, no.. 5 employees, none of whom could program or decently operate a unix system.

In the course of the years his company turned itself into a major slapstick with sysops announcing to peering isps that they were "as of now publicising the following ip-range:
192.168.0.0/16"

(historical!)

I don't believe these numbers...

[JaredOfEuropa]

"Introduction: 6305 mails in (basically) one day
We received 5880 bounces and forwards
We received 12 spams for @cyberangels
We received 40 attempts to annoy Cyberangels
We received 371 complaints about Cyberangels
We received 2 business mails"

In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars! ;-)

Re:I don't believe these numbers...

[Brandeissansoo]

Maybe they have some good anti-spam filters?

Analysis...

I'll be that about 90% of the email is some variation of:

IF I EVER MEET YOU I WILL KICK YOUR ASS

What astonishes me

[Knife_Edge]

Is how few emails were for business. I assume this category would include responses to spam. Maybe I do not understand the story, and the CyberAngels people were merely responsible for sending the spam (for other people), and if anyone responded to the offers in the mails it would go to an non-CyberAngels address. Or possibly redirected to a website, where they could make a purchase. Yeah, as I type out my thoughts, the reason for the dearth of business emails becomes clearer.

I had hoped for some accurate stats on the actual response rates to spam. I have heard rumors flying around that they are insanely low, like .0003%, and insanely high (compared with other forms of direct marketing), like 5%. People can argue for one side or another, but I need more evidence than conjecture to begin to understand the problem. If the response rate is already very low, then relatively simple technological solutions would probably suffice to drive them low enough to make spam unprofitable. If the response rate is high, it is going to take a lot of effort to fix this problem, possibly involving a redesign of the email system.

Glad to see these spammers were shut down, but we need more insights into the way they operate in order to shut them all down.

Re:What astonishes me

[Alizarin+Erythrosin]

I guess it would depend on how you classify the "response rate". Is it people reading the email, visiting the website of the product or service being hawked, or just a flat out purchase? I'd say that if you checked all those, it would decrease sharply on that last one.

Re:What astonishes me

[Jad+LaFields]

If by 'response rate' you mean a purchase, I think more than just a redesign of the email system will be necessary if the response rate turns out to be 5%... we're going to need a redesign of people's heads.

Seriously, who buys stuff from these jokers, anyway?

Re:What astonishes me

[gregmac]

If the response rate is already very low, then relatively simple technological solutions would probably suffice to drive them low enough to make spam unprofitable.

But thats the problem - once you can send spam, sending more spam is not exepensive at all. The spammers philosophy is "if the response rate is 0.1%, and we send out 1,000,000 emails, then we get 100 responses. So if we want 1000 responses, we send out 10,000,000 emails".Since most spammers are using hacked/open-relay systems (afaik), it costs them nothing but an internet connection.

Re:What astonishes me

[Kintanon]

You apparently have to be some kind of supergenious haX0r private detective to buy anything from any of these companies. I've gone through all of my spam recieved in a day (about 40 pieces, give or take) and tried to find a place to send money to the company mentioned. In all but one case I failed to find any website, phone number or fax number that could lead me to a place that allowed me to exchange money for services/goods. The single exception was a spam from Radio Shack.

So apparently only the smartest people in the world are able to purchase from most spammers, talk about your niche market!

Kintanon

Re:What astonishes me

[len_harms]

Compairing it to another medium like snail mail while seems ok is not. Here is why. Its about ROI. Lets say it costs me 500 bucks to spam 100000 people. I am selling product X with a profit per item of 50 bucks a pop. That means I only need 10 people out of 100000 to respond and poof im in the green. Its that simple. Now lets say I dont get 10 responses I get 100. See how it scales very nicely. Now think about this. For 200 bucks I can get a 'busness class' cable modem around where I live, which is about 8 mega bit. Thats almost a meg of data a second. Thats 1 line for a month. Think how much crap you can spew in a month.

If they were NOT making any money it would be within a year. They do not have to be making huge amounts of money for them to just have it as a 'hobby'. However from what Ive seen of some of the dudes interviewed they are RAKEING it in. So they are probably getting AWSOME response rates.

The funny thing is I have yet to recive any spam on my busness email, and I have had it for 3 years. My company does not filter it. They just tag it as 'possible spam'. Then the leave it up to me to filter. The reason is simple. I ONLY give that email to busness associates. Other people I know put it ALL over the web. They get hundreds per week. I have a 'junk' email account and that gets tons of stuff. But its my filter, all the rest are private.

Only 6000?

[RealisticWeb.com]

6000 emails in 3 days? That doesn't sound like nearly enough for a serious spammer. I had a web server compromised by a spammer last year and I received more than 6000 bounce-backs in less than three days before I found the hole and patched it up. It seems to me like a professional spammer would have several servers at several IP's and get way more spam than that. Especially when you include complaint email.

Re:Only 6000?

[snillfisk]

As others has pointed out, the numbers in the summary is wrong -- and if you had read the article (but hey, this is slashdot) -- you would have seen that quite fast.


Introduction: 6305 mails in (basically) one day
We received 5880 bounces and forwards
We received 12 spams for @cyberangels
We received 40 attempts to annoy Cyberangels
We received 371 complaints about Cyberangels
We received 2 business mails


I'll leave it up the regular reader to multiply by three :p

Re:Only 6000?

[Slack0ff]

Hell the company I work for has a filter that catches around 1000 spam aday. 3000 isnt really that big of a number.

Re:Only 6000?

[Erik+Hensema]

The spams were sent using a forged return address. One small Dutch provider got fed up with them, and now forwards all mails to our ripe-contact address.

AFAIK there were no bounces directly to @cyberangels.nl.

Erik Hensema (secretary of the spamvrij.nl foundation).

Re:Only 6000?

[jonadab]

> 6000 emails in 3 days? That doesn't sound like nearly enough
> for a serious spammer.

Read the article. Those are just the bounces that got *forwarded*
correctly. The vast majority of the bounces were directed back to
the (faked) From addresses; a small percentage of technically savvy
victims figured out where the junk originated and set up automatic
forwarding back to there; this is the 5880 number.

I don't know exactly what percentage that would be of the total
bounces. It would of course be a very small percentage of the
victims who would figure stuff out and set up the .forward --
certainly less than 1%. However, 5% of the people get 95% of the
spam, so it might be a somewhat higher percentage of the bounced
messages. It's hard to say. 1% is probably a fair bet, in terms
of being within an order of ten (that is, the true percentage is
very likely between .1% and 10%). Which means between 58800 and
5880000 bounces -- rounding, we can guess between sixty thousand
and six million bounces were generated by this outfit's activity
during a 1-3 day timeframe. We do not know whether this is a
typical amount or an outlier, or how much variance there would be.
All numbers courtesy of Jonadab's Flagrant Guesstimation, except
for the initial 5880.

If we give them a heaping passle of benefit-of-the-doubt, we can
imagine that during a three-day timeframe only fifty thousand
bounce messages resulted from their activities *and* that this
was a very active period for them, perhaps ten times normal, so
that in an average day we can imagine that they would only cause
around 1500 bounces netwide. That's a VERY conservative estimate,
yet it's obviously enough that any responsible ISP ought to revoke
their access first and ask questions later. Translation: spammers
are scum. As if you didn't already know that.

Interesting autopsy

[Migraineman]

They've done a nice job of analyzing the residual influx of email, while not airing all the dirty laundry. They didn't post a complete session log, so there's no information that may get folks upset. The last business email listed as "1 other" is probably sensitive, and shouldn't be posted on the web (though sending them a "we know who you are" message may make them think twice about using spam in the future.)

Re:Interesting autopsy

[Fjan11]

The "1 other" e-mail is up on the website, and it is interesting indeed. It is addressed to a person by the name of Martijn. Could this be the same Martijn Bevelander who denies having anything to do with CyberAngels? Investigation by NLIP (Dutch service provider association) into the operations of Mr Bevelander is pending...

Spammers

Spammers intressts me, I hate them. But I do wounder how much the company buying the spamming service actualy to earn in the end. For ones I contacted a company about there wounderful product, and said I was intressed in buying some. My idea was to get hold of a real life person, to send my "I live in a country where its illegal to spam people, so you guys broken the law!".. But ofcourse I didnt mention that on "intressed in your products" mail I sent them (on there official sales email from there site).. Now whats realy make me confused is that they never wrote anything back.. So..

1. Spam me
2. Ignore me if I want to buy there product
3. ???
4. Profit!

Re:Spammers

They're probably trying to get you to phone a (bogus) order line at $4.95 per minute, and not actually selling anything (apart from an overpriced phone call).

Re:Spammers

[mooredav]

they never wrote anything back..

...probably because they were shut down.

The Ol' Gay Porn Tactic

[LegendOfLink]

"2 attempts to subscribe ba@cyberangels to a gay magazine;"

Yep, it seems that at least two people on the Net know how to fight back, the old "hey, let's sign up the ripe-contact email address for gay porn magazines" routine. Gets 'em every time.

Re:The Ol' Gay Porn Tactic

[AndroidCat]

The people on the Net who really know how to fight back now 0W3NZ his domain. :^P

Re:The Ol' Gay Porn Tactic

[xdroop]

Yep, it seems that at least two people on the Net know how to fight back, the old "hey, let's sign up the ripe-contact email address for gay porn magazines" routine.

I wonder if there are any legitimate consumers of gay porn email lists, or if they are exclusively used to annoy people?

...on second thoughts, never mind [shudders]...

Only one way to make money for Spammers - steal it

[Snaffler]

The sheer volume of messages must mean that most spammers are out for only one thing: credit card information. And the best way to get those is to run some scripts to strip out the necessary information. I cannot believe that they can take the time to actually parse out the information by hand, figure out which non-existent product they are selling, and sell anything. 6,000 per day would be 8 seconds per message in a 12-hour day, more or less. I have heard that 40-60 percent of spammers never ship any product, just take a bite out of your credit card and move on. This goes a long way toward confirming that suspicion.

Hmmm

LOL so you say the now have lots of data on someone (spam e-mail) and got it through an amusingly simple and old tactic. We have a word that: sabatage. Let the spam companies go bankrupt

Address spoofing.

Since the header shows a return email address that doesn't belong to the spammer, the bounces go to compromised servers like yours was and people who get sent the spam usually can't figure out who to complain to. There's little reason for a spammer to accept incoming email, so they probably don't have any email addresses on their websites and email harvesters don't send them spam.

I don't either!

[siskbc]

In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars! ;-)

What I can't believe is that they didn't get more *dictionary* attacks than that, I mean, ba@cyberangels.com should have gotten spammed like crazy with such a short username.

Could it be that since they have so little non-spam-related activity that spambots didn't up the domain? I'm completely guessing here, but the ratio does seem incredibly wrong.

Re:I don't either!

[nordicfrost]

It might be that the domain was not a priority for brute force attacks. A brute forcer would probably target a more known and populated domain.

Re:I don't either!

[siskbc]

It might be that the domain was not a priority for brute force attacks. A brute forcer would probably target a more known and populated domain.

That's what I'm thinking. But I've heard of guys hosting their own domains get hit with dictionary by spammers who I guess are too dumb to check that out. So I do think these guys got lucky on the whole.

Actually, my new theory is that spammers don't spam spammers for the same reason that snakes don't bite lawyers: professional courtesy. ;)

Good for them!

I'm pretty happy about that. According to an article in The Register, One of the board members of spamvrij.nl is Karin Spaink, very likely the same Karin Spaink who has been involved in the battle against $cientology.

Taking on spammers nd $cientologists. Damn. She's got guts.

Re:Good for them!

[Thagg]

Indeed, Ms Spaink is one of the most intrepid voices on the 'net. More power to her.

The Scientologists have sued her some (long) time ago over a copyright issue, and she won. They've sued her again, and that trial is in an extremely weird state -- the judgement keeps getting delayed. Every day when the judgement becomes due (the Dutch courts apparently say in advance when they will have a decision) the court announces that the judgement has been delayed a few or many months, and announce that new date. So far, it has been delayed, I believe, 6 times, and is coming up for a new date very soon -- when it will probably be delayed again.

Go Karin!

thad

Re:Good for them!

[AndroidCat]

Heh. Take a look at who submitted the story.

There a number of people who dislike the actions of Co$ and can't stand spammers either. I'll tell you, after being threatened by Co$, the threats of a punk spammer seem pretty lame.

Re:Good for them!

[Yeti7226]

Karin Spaink is has been battling Co$, Spammers and MS (the disease, not the company) for years. It's nothing short of amazing how she just keeps going.

Re:Good for them!

[kspaink]

It's been delayed 8 times, now. I have applied for a Guinness Book of records nomination.

Re:Good for them!

[ratfynk]

If she is fighting $cientology then she is taking on a big portion of the corrupt part of $holywood/Vegas USA.

She's going after the largest pseudo scientific religious money making scam artists. No dought the pr0n industry is part of the equation. Spam is one of their biggest products. Just hope organised crime does not get her first.

I know organised crime does not exist anymore, according to TV reports. Joe Blow America does not care who or even know who is running the show.

I did not change my sig for this post so it is a little wierd... sorry

Re:Good for them!

[ratfynk]

Thongs that dip have never been my strong point!
Being Martian I have a little bit of trouble with English. This is something that "up with which I have learned to put". A loose quotation from a famous Britt.

Point is that the good work being done by those who have the balls to fight the real cause of spam and corruption is being overlooked by the media.

Re:Legal?

I suppose the question to you would be how is it illegal? The burden of proof falls on the accuser not the defender. As far as I know there are no federal laws regarding email as there are for regular postal service mail. If you can think of something this violates then let us know.

Re:The Ol' Gay Porn Tactic versus 20 Pizzas

[MisterMook]

I imagine it only has something to do with the European location that they didn't get order confirmation requests for hundreds of pizzas too.

Actually

[EnglishTim]

I think the word we have for that is actually 'sabotage'.

Re:Actually

[AndroidCat]

And think about the origin of the word sabotage. This is a Dutch story too.

Re:Actually

[Dyolf+Knip]

I'll bet you that 99% of the people here on /. who know the origin of the word do so from the exact same source.

Re:Actually

[shane_rimmer]

This is getting off topic, but those people are probably wrong.

The term "sabotage" relates to disgruntled French workers who, in revolt, cut the sabots holding the railway lines in 1912. A popular misunderstanding is Luddites threw their wooden shoes into the machines to brake them up. However likely this may be it is not the origin of sabotage

Photo of alleged spammer

Mr. Bevelander was proclaimed to be the "Dutch Bill Gates" by the Telegraaf, the largest newspaper in the country.

The text says that his teachers predicted he would end up in the gutter. At age 16 he started his own Internet company. "If I end up in the gutter, it will be my gutter!", he defiantly said.

I guess his teachers were right after all...

Re:Photo of alleged spammer

[dapozza-]

haha yes that was funny back then ... here are two phonecalls with martijn. To bad it's Dutch only but on the second you can hear that Martijn and his partner in crime get very upset. Very nice to hear if you can understand it. Look for "zijn ontkenning en het artikel in Planet Multimedia gisteren met de telefonische ontkenning van Bevelander plus het gesprek met Bevelander en zijn compagnon."

Re:Photo of alleged spammer

I know this guy personally (posting anonymously for obvious reasons). He got the company from his father, as a birthday present.

He is friends with this guy. And I mean, good friends. There was a third guy (American) who brought them together. The Fluffi Bunny guy was into serious fraud (hell, I've seen it happen first hand, stolen credit cards used in night clubs in London, heavy drugs, etc.).

I am not surprised that now Bevelander is under the spotlight. He was a criminal two years ago when I met him. He is a criminal now.

Friends of Mr. Bevelander

[AndroidCat]

According to this story he has real nice friends:

The BBC discovered that Superzonda, a South American spam gang which may have used the Sobig virus to install open proxies on end-users machines, hijacked British Airways' computers without its knowledge to advertise a website called beautifulwomentodate.com (offering Russian brides).

I recall getting Sobig a few times. Nice people that he hangs with. (Oh if only it were literally true eh? :^)

Re:Friends of Mr. Bevelander

[SoSueMe]

Thanks.
That "interesting" e-mail is now "404" on the site.

It is from people setting forwards.

[leuk_he]

rtfa:

if in one day ba@cyberangels receive almost 6000 mails from people who are smart enough to figure that they get bounces because their addresses have been abused by a spammer and who then proceed to redirect those bounces, you can begin to image the volume of bounces that spamruns create, of the sheer volume of those spamruns themselves, and of the that traffic spam creates for decent providers.

translated:

This is not from normal bounces, this is from people whose e-mail was abused and set a forward on the bounces to cyber angels, OR (less) from people who had more intelligent bouncers, and bounced to the correct domain.

So this is very very small percentage of the total e-mail sent.

I bet the new owners would forward it for them...

[siskbc]

...assuming cyberangels provided their *new* domain and email addresses. And I swear, none of us will sign them up for a bunch of granny porn. I swear. Okay, so I lied. ;)

How do we know this isn't a new spam technique...

[jamonterrell]

It works so well that even slashdotters are rushing to read spam mail =)

All I want to know is...

[jpmahala]

Did Mr. Joseph Otumba from Nigeria get my response?

Re:All I want to know is...

[BobWeiner]

Exactly. I wish this could happen to those Nigerian spammers.

You know you are a sysadmin when...

[Noryungi]

... like me, you read the following line:

Somebody believed that a Cyberangels' dick was too small.

as:

Somebody believed that a Cyberangels' disk was too small.

I was like wtf? Disk too small? Not enough space in the /home directory? Swap space problems?

Then, I re-read the line, and I went:

Oh, THAT thing is too small... =)

I looked, three days

[magicianuk]

Friday morning, when the NL-zonefiles were updated: the MX-records of cyberangels.nl were now pointing to us. (We made a catch-all for all adresses.) The first few hours, literally thousands of mails reached us: 5919 mails, most of them bounces. By now, the avalanche has dwindled to a trickle.

Until now - 06-07-2003, 23:00 GMT+1 ...

Friday was 04-07-2003, 6305 messages received on the 4th of July, the 5th of July and the 6th of July ... that looks like more than two days and less than four to me!

A gem...

[iworm]

Love this part of the analysis:

Both ba@cyberangels and ripe-contact@cyberangels recieved some spam:

1. Mr. RASHEED BELLO sent ba@ six Nigerian scams;
2. @yahoo.com.cn spammed four times with something rather illegible;
3. Mr. Ken Titoh was hoping to assist Mr. ERASHEED BELLO;
4. Somebody believed that a Cyberangels' dick was too small

Oh the irony...

[BlightThePower]

That only 12 out of 6305 emails they received were actually spam (i.e., 0.2%)! Actually make that 11; I'd guess a spammer would likely be an opted-in and interested customer as regards penis enlargement.

Re:Oh the irony...

[Gordonjcp]

Actually, you'd be amazed what problems you have setting up Spamassassin for someone who works for an Erectile Dysfunction clinic...

Funny, 80% of my email is just SPAM

[krray]

I have my own home domain which was setup shortly after college and used (then) to just keep communicating with distant friends. Back in the day UUCP was how it was done for $15/mo which gave me 3 hours of transfers before I had to start paying extra.

BECAUSE of the spammers I did have to pay extra. Long ago went to broadband type connections starting with ISDN (still backup and my only phone lines) to 10Mbit wireless uplink today (sweet). Funny, but I am STILL paying for the bandwidth and SPAM still annoys the hell out of me personally.

So -- to get it under control I baited the spammers (and still do :). Hundreds of non-existent users to just harvest spam. Any USENET type postings have a good email for about a week (if at all) before harvesting. Hell, I even like to add in users where they attempted "bob@" that didn't exist.

Me, myself, and my wife -- here's my stats for the entire month of June:

Outbound (work): 60 (1.74%)
Outbound (personal): 49 (1.42%)
Notes to myself: 89 (2.58%)
Inbound to me: 422 (12.24%)
Inbound to the wife: 14 (0.41%)
System messages: 68 (1.97%)
System ERROR codes: 2 (0.06%)
Just TESTING: 7 (0.20%)
SPAM TRAPPED: 2738 (79.39%)

TOTAL EMAILS: 3449

Um, Houston ... we have a problem.

They are publishing others mail-adresses == !good

[Laglorden]

It's stupid and immoral to publish other peoples mail-adresses like they have done on their page. They (people responding they don't want spam) will get indexed by even more spam-bots :(

Well

[mindstrm]

If I move out of the house I rent, and you move in.. the junkmail is yours.. but anything addressed to ME, personally, is not, and the law agrees.

I think it's safe to say that this IS a morally questionable act.. though so is SPAM. I won't go screaming that they did this in a bad way.. but if it was anyone other than spammers.. say it was, I don't know, a doctor's website, and it was a patient mailing.. would taking that mail and publishing it be morally correct? I think we would all agree no.

Re:Well

[Trigun]

What if the current occupant has your name?

Eg. Admin, root, abuse, spam....

Re:Well

I don't think your're entitled to anything if you don't leave a forwarding address

Re:Well

[jonadab]

> If I move out of the house I rent, and you move in.. the junkmail
> is yours

Well, I'd say that covers all those bounces and stuff. The personal
letter to Martijn is presumably in the other category, though.

> I think it's safe to say that this IS a morally questionable act

Morally questionable? Heck yes. Illegal? Likely. But is it
definitely *wrong*? The trick is to ask the right question ;-)
(Personally, I would not have published the mail (though I might
have released statistical information about it, such as the number
of bounce messages).)

I suspect they're betting that the former owners of the domain, due
to the negative publicity associated with spamming, will not be
deliberately stepping forward -- and if they don't, there'll be no
meaningful lawsuit. Make your own analysis of the likelihood that
this bet is a safe one. Of course, even if this bet is safe, that
covers only the legal question; the moral question is a distinct
question. As I said, I would not have published the mail, but
those liberal Dutch seem to think it's okay ;-)

Re:Well

[mindstrm]

Again, I'm not disputing the technical nature of it. I'm not even saying they can't RECEIVE the mail...

If the new occupant has the same name, then obviously I can't have an issue with him opening my mail, as he has no way to tell it's not for him.
If, however, he discovers after opening and reading it that it's mine, and not his, for sure, and publishes it anyway, THEN I have a problem with it. It's bad manners.

Yes, that's fine.

[mindstrm]

They didn't hijack the domain.

But receiving and publishing private correspondence that's destined for someone else is not. When you purchase a domain someone els used, it's NOT the same thing as purchasing their business from them.. it doesn't automatically entitle you to anything.. other than the domain.

Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.

Re:Yes, that's fine.

[rvega]

When I close or stop using an old email account for whatever reason, I send a note to all the people I correspond with, letting them know the new address where I can be reached. After I've done this, I know perfectly well that I won't get emails addressed to my old account, and that, potentially, someone else well.

I wonder if cyberangels did this. I suppose not. Care to guess why?

Re:Yes, that's fine.

They didn't hijack the domain.

But receiving and publishing private correspondence that's destined for someone else is not.

Email is not private correspondance. There is no realistic expectaion of privacy with email, as anyone with access to any of the servers, routers, or networks your email traverses is completely within their rights to examine that email. Courts have repeatedly upheld this. How many times do we have to say "email is like a postcard; PGP is like an envelope"?

Re:Yes, that's fine.

[Norwolf]

Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.

Federal crime? Please keep in mind that this is about a .nl domain, not in the USA, 'federal' has little or none importance.

But anyways, many countries do not see electronic communiction as "regular" communication. Let me give you an example: many people in corporations add silly "by reading this e-mail, you agree to blablabla and delete it if it isn't addressed to you." One problem: it's impossible. You haveto read it in order to know the content of the signature, and you automatically agree to it? I think not - invalid at least in Norway.

Addressing of post in the real world is much simpler - you haveto have a name. On the net, you can simply address 'webmaster', a handle/nickname, etc. I just checked with two friends of mine studying law here at the University of Oslo, and in norwegian law you have committed a crime by opening (or destroying) a letter not addressed to you. But there are no current cases that confirm that this is valid for electronic communication.

Morally, it's a grey zone also - by my point of view. I currently use 5 different domains. All incoming e-mail to those domains are redirected to one of my inboxes. If I forget to renew one of those domains, it's my fault. I wouldn't care what happens with e-mail to that domain then.. and yes, it's happened :-) If you want to protect your incoming e-mails, the least you need to do is to make sure that your domain is registered and has a proper MX :-)

Re:Yes, that's fine.

[blerg]

Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.

Uhm. What? If you move into a new cubicle or house or what-have-you, then the mail is *obviously* going to be addressed to PreviousOccupier'sName @ Cubicle/address and so on. How is webmaster@cyberangels.nl or any other address that ends up the same know what mail is destined for that exact person and what email is for the previous webmaster (or nl2323asshat) unless they open it?

There is nothing immoral with this as long as they don't publish personally identifying information.

Re:Yes, that's fine.

[sangdrax]

I'd laugh so hard if the spammer would sue spamvrij.nl for that. ("they opened all my fanmail!!").

Like they'd stand a chance in court. Even if they'd win, they probably would get nothing more than apologies and their mail from spamvrij.nl. Oh and their face on TV as a notorious spammer.

Re:Hey!

[whaley]

We're not the only country with legal porn and prostitutes I suppose.. although the world famous 'window shopping' in Amsterdam might be rather unique. And for Amstel, well that should be illegal. There's much better beer than that, both in The Netherlands and Belgium.

On a different subject, Karin Spaink was mentioned to belong to the anti-spam group. She is also the one who won the lawsuit that Scientology started against her for publishing excerpts of their trade secrets on the web.

Too bad, so sad

[j_kenpo]

I was going to say doesn't this go against the rights of the spammers to post their emails, blah blah blah... but then I remembered these were spammers, and in my eyes they have no rights and deserve nothing short of genital mutilation...

Summary of the article (in case it's slashdotted)

[jarran]

Spamfighter gets holds of spammers inbox. 99% of it is junk. 1 e-mail is of minor passing interest.

Don't go after the dealer...go after the USER!

[clmensch]

Why oh why do we expend so much energy attempting to come up with technical and legislative roadblocks to stop the spamming schmucks out there? Wouldn't it be easier to make it illegal to ADVERTISE in that manner? Go after the businesses that pay these jerks.

If that's not possible, couldn't someone just host a database that users could add the name (+address/phone info), url, and offending spam-message to? That way an organized boycott/reverse spam/snailmail campaign could be lodged against those who pay to clog the internet with their muck? I couldn't have been the first person to think of this...perhaps something like this already exists?

Follow the Money

[mobileskimo]

I have a question. What occurs to credit cards and payments that scammers receive from their customers?

Spammers are by no means stupid. Above all things they MUST get their money, otherwise none of this is worth doing.

So if the scammers are getting their money, the credit card companies pay them. If the credit card companies pay them...

[1] We have a breach of trust between the credit card companies and the customers. CC companies are not doing their due diligence in brokering payments for product/services. CC companies are issueing clearance of charges to unscrupulous people. We are entrusting them with our financials (whether we choose to "fraud-notify" them or not). They have all the information, both the consumers and the scammers.

[2] The customers complain they never got their product. Report fraud. The credit card companies remove the charge, investigate it or not. This increases cost/risk for the CC companies. Higher interest rates? More cooking the books?

Why is nobody investigating the money side (IMHO the lifeblood of this business) of this problem? As long as we concentrate on the technology, we'll always be distracted from the real solution. It's all about the money in the end.

Anonimity
+ Privacy, Sharing, Voice
- Scams, Theft, Hit/Run

We asked for it.

Re:Follow the Money

[Animats]

Exactly.

I'd like to find a financial institution that will give me a credit/debit card number for which they will reject all transactions, and they immediately relay to me any transaction data that comes in over the banking network. That would be a big help in finding spammers.

Re:Follow the Money

[t1m0r4n]

So if the scammers are getting their money, the credit card companies pay them. If the credit card companies pay them...

Nice idea, I've pursued it, it's a dead end.

I've tried contacting the CC companies when seeing something of a questionable nature. They just don't care. Web forms spew forth unrelated autogenerated replies. Telephone calls have resulted in "We'll have someone call you", but the calls do not get returned.

I've considered contacting the police when seeing fraudulent looking set ups. At least there, although nothing will be done, they will probably acknowledge my existence :P

Re:Follow the Money

[Michael+Spencer+Jr.]

I'm going to illuminate a dark spot in your argument, because I work for a major credit card processor.

For Visa and Mastercard at least, there are many parties involved in credit card transactions.

* Cardholders are obvious. You, me, anybody can be a cardholder.
* Issuing banks -- these are the companies who actually issue the card, and who own the account the card is attached to. They are responsible for handing out authorizations (approvals, declines, etc) and for moving money between that cardholder's account and the Visa/Mastercard payment transfer system.
* Associations -- there ain't too many of these. Visa is a payment transfer association. Mastercard is a payment transfer association. These associations have rules and regulations, and they interface with a *vendor* in a technical way, and with issuing banks and acquirers in a business/financial way.
* Vendors -- think communications providers. Yes, I thought it was weird terminology too, but in the credit card processing world a 'vendor' is a communication provider of some kind. Vital Processing Inc, BuyPass, NDC, FDR, ADS/SPS/Vectrix, these companies all provide servers and communication paths that help get businesses and banks communicating and doing transactions. These guys have no *financial* link to any transactions.
* Acquirers, like the company I work for. These companies are responsible for coordinating the technical stuff that gets merchants talking to vendors, *and* for establishing and maintaining the business/financial link between the merchant and the association. Merchants sign a contract with an acquirer, and the acquirer is bound by Visa/MC regs -- so the merchant is bound by visa/mc regs. The acquirer is ultimately responsible for its merchants.
* Merchants. These are businesses that want to accept customer payments via credit card.

OK, enough background and terminology. How anonymous can you be if you accept credit cards? How anonymous is the money that passes through the system?

Not very. Not at all, actually. When a merchant signs up for a "merchant account" with an acquirer, they usually pay a rather hefty application fee. The acquirer knows they will be ultimately responsible for this merchant, so they do their homework and make sure this merchant is a good risk.

Why do acquirers have to be so careful? The "case study" threat model to defend against is: merchant runs advertising campaign, gets hundreds of thousands of dollars in credit card sales. Merchant takes these hundreds of thousands of dollars and "runs for the border", disappearing without a trace. After a while, customers start figuring out they aren't getting their widgets and ask their issuing banks to issue chargebacks. Chargebacks come rolling in; acquirer is now responsible for paying back all of that money. Acquirer will now pass those charges on to the merchant -- oh, damn, wait, they're long gone. Acquirer eats the loss. Ow.

Acquirers fight this in several ways. First, they're very careful about who they take on as merchants. Thorough credit checks, sometimes required examples of products, and high standards. Second, for high risk merchants, an acquirer will sometimes withhold payment for a certain amount of time. If an acquirer believes that most customers would issue chargebacks well within 90 days (even though they have up to 6 months) it can hold onto those funds for 90 days. If the merchant ships the goods it promises no chargebacks appear, and the merchant gets their money. If the merchant doesn't deliver goods, the acquirer still has the funds on hand so it can pay the chargebacks out of the merchant's own funds.

With all this in mind, I have some problems with the parent post. I don't believe there was a breach of trust -- the system works the way it's supposed to, because of chargebacks.

Issuing banks are supposed to be fairly liberal about who they grant authorizations to. They can return authorization responses in one of three categories: basica

Re:Follow the Money

[Michael+Spencer+Jr.]

The magnetic stripe contains extra information, not just the card number. A merchant conducting fraud would have had to see the magnetic stripe once to be able to copy it. J Random Spammer-service-purchasing merchant probably will never have seen the magnetic stripe. It's also safe to assume that merchants won't share magnetic stripe information -- merchants generally don't like chargebacks, so they don't like to do things that promote fraud.

(It is, however, possible that some spammer could partner with someone's credit-card-accepting gas station, and start stealing stripe information that way. What makes this unlikely is that if a large number of fraudulent transactions involve account numbers that all seem to have done business with a single gas station, Visa and Mastercard will see that, and will conduct an investigation. Visa and Mastercard then have the legal power to assess *serious* fines, per the signed contract the merchant has with their acquirer -- and then there's criminal charges for fraud and whatnot. The details of any criminal stuff are outside my experience, so I'm just guessing.)

In general, keep in mind that while a good deal of the approval process and payment process is automated, there are humans involved in confirming and reviewing every step of the process. There are businesses with financial interest in making sure merchants conducting fraud (or even just high-risk merchants) get closed, and that the rate of fraudulent transactions gets reduced. Visa and Mastercard change their rules as well -- their regulatory commissions meet twice a year and enact changes when necessary. Perhaps their idea of what "needs to change" can be different from your idea of what "needs to change", but the whole system keeps spinning as long as everybody involved keeps making money. The system tends to punish bad behavior financially, so everyone is financially motivated to do the right thing w.r.t. credit card activity. (That is, it punishes a high rate of fraudulent transactions. It doesn't punish immoral things like doing business with spammers.)

--Michael Spencer
First National Merchant Solutions
(a credit card processor or 'acquirer')
First National Tower, 27th floor
1620 West Dodge, Omaha Nebraska, 68197
http://www.foomp.com

The opinions stated above are my own opinions, and do not reflect the opinions of my employer, First National Merchant Solutions.

Re:I just read that Fyodor stuff

[Jo+Owen]

um, It's open source, so actualy, there is.

Mail from martijn@cyberangels.nl recieved

[kspaink]

Actually, we had one already - which is analysed at http://www.cyberangels.nl/evidence/mailmartijn.htm l, and only now two news mails arrived. Check the mail analysis page for updates.

Re:Mail from martijn@cyberangels.nl recieved

[nchip]

megamasters.com has whois-pointers towards lyford.com, like indocated on the page linked from the parent post. The forum is a must-read!

A spammer selling his services - with a handy ICQ number contact!

Have fun :)

So whats the big deal?

[skinfitz]

So 6305 mails in total, one of which was a valid email from someone wanting to contact them.

Signal to noise ratio of 1/6304

So how is this different to anyones email these days?

Re:So whats the big deal?

[Joe+Enduser]

So far in the last 30 days or so I had only one Nigerian email, and one chain letter from someone who actually knows me. No filter installed, and I've got the same address for over three years.

But it was just today that I thought the shit had hit the fan, as I got a strange email that inquired about DVDs from the television series Fame.

Of course, it was then that I remembered my own domainH^H^H^H^H^name.

So I got 22 real, personal emails today, 21 of which were cron outputs.

brass ones

[garysears]

I love it.
Is this a way of saying that they've got brass B*lls?

all payload, no delivery system.

(come on, it's not off topic, it's social commentary.)

A more appropriate domain name

[earthforce_1]

for a spammer would be cybera**hole.com

Wouldn't it be funny

[fataugie]

If they received the same percentage of spam as the rest of us? Out of 6305 messages, 6000 asking if they need a penis elargement/4% mortgage/Chance to help some third world person transfer some money.

Here is Bevelander's address

You can find his address (including phone number) right here on his own home page. Or, in case it is suddenly removed:

Pascalstraat 17
2014KZ Haarlem
(The Netherlands)
Tel.023-5101094
Fax.023-5441982

If you want to give him a call (for example, to explain your appreciation for that penis extension), remember that the country code for the Netherlands is 31.

This is a company address, so you won't actually disturb his neighbours or his cat or something.

Been there, done that

[Animats]

I saw a spammer's incoming mail when a spammer tried to use my "downside.com" domain as a return address. I got about 16,000 e-mails, mostly mail bounces with a few threats and hate mails. (Those last I answered personally.)

Shutting the spammer down took about a month, but ultimately was successful. I got their 24 porno sites, two fake billing sites, and a few other related sites kicked off ISPs from Sao Paulo, Brazil to Brooklyn NY to St. Petersburg, Russia, where they actually were. They've been down for months now, and they are staying down. They don't seem to have come back under a different name; searches for ther subject matter in Google come up empty.

I had the advantage that I own "Downside" as a registered trademark. This gave me some legal leverage.

One useful tactic was to report phony domain registration info to ICANN. Some domain registrars will then lock the domain against changes until the domain owner provides them with valid ID info. If you do that, and you then get them kicked off an ISP, their domain is locked to an ISP that won't host them, and they can't fix it without disclosing their identity to their registrar.

In this case, the spammer had their own DNS server, so they could quickly move their sites from ISP to ISP. But I managed to get all three of the domains that handled their DNS queries locked, then kicked off ISPs, which took down their entire set of sites.

It turned out that the CEO of their ISP's upstream provider in Russia was somebody I knew from the 1980s, so I was able to get even a Russian ISP to cooperate.

You don't have to sit there and put up with this stuff. You can fight back and win.

Re:Been there, done that

[ChrisDolan]

This is a great story. It's nice to hear about successes! But I have to ask, how much time (==money) did you have to invest to win that battle? The rest of us thank you for that investment, but I'm guessing it was larger than most of us are willing to invest individually.

Re:Been there, done that

[swordgeek]

Good work!

Cheers, and thanks for cleaning up some of the digital gene pool.

Re:Been there, done that

[jrumney]

Perhaps you could team up with someone with Korean Telecom contacts, and deal to this (warning - disable Javascript if you don't want to be tracked) gang of spammers from Russia with website hosted in Korea.

Re:Been there, done that

[Animats]

It took about two hours a day for a week. Because my Downside.com has a good reputation, I was willing to go to some trouble to track them down.

Re:"A hold of" is very awkward written English

[AndroidCat]

I doubt that English is Karin's first language, perhaps we should give her some slack? (As for the Martians at Slashdot... D'OH! I wasn't supposed to say that. Definitely no Martians at Slashdot. Never hearing of Martians from me!)

Re:Hey!

[ShavenYak]

And for Amstel, well that should be illegal. There's much better beer than that, both in The Netherlands and Belgium.

There's better beer than Amstel made in the USA even.

Re:brass ones Klunk Klunk in Canada

[ratfynk]

Fortunately Monkey net spammers mostly do not live in northern Canada otherwise you know what would happen.

Klunk ...klunk//// the sound of brass balls falling after they freeze then get kicked.

The one interesting email...

[indecision]

They list one email as being particularly interesting, as copied below.

For me, the really intriguing bit is that they talk about "hosting" a lot, so much so that it appears to be a codeword for "spamming". Its a fairly obvious thing to do for someone who makes their money off spam - try to keep a low profile and not discuss their business openly.

Return-path:
Date: Fri, 04 Jul 2003 11:30:30 +0100
Subject: Rick Yazwinski referral
From: Mark Holyland
To: martijn@cyberangels.nl

Hi Martijn

Rick from Web Krew / Python gave me your contact regarding hosting.

Can you give me more information as to what hosting you can offer and the costs of your services ?

I look forward to hearing from you

Best Regards

Mark

Re:The one interesting email...

[BigBadBri]

Hoyland's another spammer.

They probably need as many hosting sites as possible, preferably where they can set up relays for their own use.

Re:"A hold of" is very awkward written English

[kongjie]

Don't know my comment is flamebait. I agree it's off-topic. I wasn't assuming that Karin is or is not a native English speaker/writer. I also wasn't being rude, offensive or degrading. I was trying to point out that "a hold of" is poor written English in this situation.

Good idea, but spam would still continue

[daveo0331]

First, a lot of spam is "stock tips" (pump n dump scams) where the spammer wants you to buy shares of the stock, or links to porn sites where the spammer makes money through referral fees. These don't require spammers to collect money from the people they spam.

As for the rest of the spam - if spammers couldn't collect credit card payments, they would switch to paypal, or direct debit from checking accounts, or something else. Sure, the response rate would be less, but given the economics of spam, spamming would still be profitable. That said, if the credit card companies can help reduce the volume of spam, I'm all for it.

Re:I guess... [OT]

[angst_ridden_hipster]

You know, that shirt/sticker always has bothered me.

The problem with it is that "read" is both a present and past tense -- so a perfectly straightforward interpretation is simply that "I have received and read the email you sent me." Not scary at all.

What they really mean is "I can snoop your email," although that's also an admittedly bad formulation.

Yeah, well, anyway...

Telemarketers are worse

"Commentator Chelsea Lowe, a former telemarketer, says that while people may hate a dinnertime solicitation, a human being is on the other end of the phone."

Check out this page and scroll down to the link labelled Commentator: Telemarketer's View. This woman actually considers the people who hung up on her to be rude. Given that there are so many fraudulent telemarketers who record everything you say and edit together a tape that has you agreeing to buy a three-year supply of alligator repellent, we have to assume that all telemarketers are criminals and that it is unsafe to say anything to any of them. Hanging up on them is simply self-defense. Since telemarketing is even more intrusive than spamming, I don't think anyone will mourn it if it passes without harsher measures.

Re:Telemarketers are worse

[BigBadBri]

"Sorry, not interested."

Say it once, if they persist then say it again, then put the phone down.

All that means is that you have given the 'telemarketer' a polite peply, nothing to make a tape of, and if they persist, they're not deserving of politeness anyway.

I wasn't aware of telemarketers splicing tapes - perhaps this particular nastiness hasn't reached this side of the Atlantic yet.

I do, on the other hand, tell door-to-door salesmen to fuck off, as that is a much more personal intrusion.

Re:Telemarketers are worse

[d-e-w]

Which side?

There's been a couple of scams exposed in the US where the telemarker tries to get you to say "yes" (for instance, asking "Is your name so-and-so?") and later splicing that yes in with another question ("Do you agree that we can put the charge for this service on your phone bill?")

The suggestion has been to either say "I'm not interested" and "put me on your do not call list" right off the bat, or to affirm by repeating the information back at the telemarker ("My name is so-and-so.") Never simply say yes to an unsolicted caller or telemarker.

(Of course, that still doesn't protect against a growing scam in which fake recordings are being made using telemarketing employees as the "consumer." They don't even need to call you!)

Name of a rose by any other name

[mobileskimo]

Regardless of the payment type, I would expect any institution responsible for the brokering of money to have information about the buyers and sellers of said services or products.

Stocks have their regulations and their governing bodies. Banks for Direct Debit are ultimately responsible for who is making wildrawals from our checking accounts. Paypal must eventually disburse payments through something similar.

My point: I'm ready to start pulling all my money out of banks. I've already canceled 2 out of 3 CCs due to unscrupulous behavior of merchants. One was charging me a monthly. When I tried to track it down I got nowhere. I called them up and they couldn't even tell me what products or services they sold! How the hell did my CC validate a purchase without knowing what business these pogos were in? There is no way to block a merchant from issueing a purchase. You can only declare purchases as fraud. Who wants to do that every month? The other CC I canceled, I did so because I started receiving alot of those class-action notifications against them. Hopefully if enough people react similarly, some money hungry executive will start asking why he's seeing a decline in membership. If consumers sit on their fat ass and take it as business as usual, we will continue to see ripoffs.

Some may say the CC are not at fault, but I say they are at fault for not knowing who these merchants are and allowing them to bill consumers. I can no longer trust banks to act in ANY small interest of the consumer.

My conclusion is these spammers are being protected by the prince of dakness. MS and gov chasing phantoms at the misdirection of those that know better, may prolong this war for the profit of all involved. Not for any silly naive principle any of us are hoping for. Shed them.

The sender owns the email? Good!

[dcavanaugh]

If I receive all this e-mail and the sender(s) own it, then their property is occupying space on my hard drive. I own that space, therefore I am entitled to charge rent, as documented in my SMTP banner. Don't like my rates ($50 processing fee + $5 per byte per month)? Don't use my space. Legally binding proof that the sender owns the e-mail is most of what I would need to initiate collection actions against all of my favorite spammers. I don't see how this logic is any shakier than the standard EULA.

Wrong.

[RevSmiley]

It always helps if you read the article.
Cyberangles was a pure spamm operation.
No real persons Email is involved here.
All Cyberangles existed for was sending spam.
Any email to Cyberangles is property of the current domain owner in any case.

Your Email is not private. If you think it is you are a noob. If you want privacy don't use Email.
Use the postal service.

Co$ *are* spammers

[Thuktun]

http://cisar.org/trn0453.htm

Trolly trolly mctroll troll

[moogla]

Jesus christ you people got taken in. I mean with a name like "Physics Genius"... and then the backhanded Fyodor reference.

Someone mod the parent and all gag-reflex replies into the floor. Thanks. HAND

Re:I guess... [OT]

[kkhawi]

The paste tense should be be "I have read your e-mail". At least that
is how I say it.

Oh no, I fully realize that.

[moogla]

I don't want to give them a clue, I'm just feeling vindictive. It's like those Japanese game shows or Fear Factor where they punish the slow-witted.

I just don't want to see the replies. >:{

I think

[mindstrm]

you might be surprised to know that what you consider technically private is not necessairly what the courts or the common person considers private.

There is a difference between "private" and "top secret". Saying something is private does not imply it's impossible for someone to read it.

If you address some communication to an individual, and it's not in a place where the general public can access, it's generally considered private. There is a reasonable expectation of privacy.

If you are shouting in a restaurant, you have no expectation of privacy. If you are whispering to someone outside, you DO have an expectation of privacy.. the fact that someone can listen in with a parabolic microphone because you are "emitting sound waves" does not negate your right to privacy.
With regards to SECURITY, yes, you should treate email like a postcard; that does not imply it's the legal equivalent of one.

And if we forget technical details.. knowingly publishing something you KNOW was not meant for you to read, how can you say there was no expectation of privacy?

Yes yes

[mindstrm]

I'm not stupid, I realize this is not about the US. Notice I ended with saying it was morally wrong? I suppose I use the word "Federal crime" to point out that certain things are most definately, for a good reason, illegal.

The point that there is no actual envelope to open is a valid one... however..

So they read it. Fine. Found it wasn't for them. But then.. publishing it once you realize it's not? It's ethically wrong.

What happens when you let a domain expire, and someone sends you a letter, some long lost person, and it's private, just for you.. and the new owners publish it, and it hurts you financially, or personally.. you won' feel the same way. People ought to have respect for privacy, regardless of what the law says.

I'm talking more about morals and ethics than I am about laws... just because it's not illegal doesn't make it morally right. The opposite, ,of course, is also true.

Correct.

[mindstrm]

You are not entitled to anyhting if you do not leave a forwarding address; however, it is still a crime for the current occupant to open mail addressed to you personally.

Makes sense right?

Just Remeber

[dupper]

Forcible Darwinization (i.e., testicle removal with a rusty butterknife, and a biaxial penis quadriception, for good measure) of spammers, companies advertizing using them and those who actually buy from those companies is mandatory, under the Freedom from Idiocy Act of 2000. It is every citizen's patriotic duty!

Re:I guess... [OT]

[angst_ridden_hipster]

Actually, both are correct. One is the simple past tense, the other the present perfect tense.

Re:Summary of the article (in case it's slashdotte

[Kris_J]

And not a single one is interested in the product/service/scam being offered in the spam.

So uh...

[TheAwfulTruth]

Isn't opening and reading this mail potentially illegal or at least morally bankrupt? If you moved in to a new house and some mail for the previous owner gets delivered, you are not allowed to open it just because you now own the mail box it was delivered too.

I'm just sayin... all the talk about morality around here and yet, this seems pretty repugnant to go through someone elses mail, spammer or no. If you are not morally superior, then you are not better.

Re:Hey!

[LadyLucky]

New Zealand legalised prostitution a few weeks ago. The funniest part was when an owner of a brothel complained that the givernment's job placement program was refusing to refer the jobless to prostitution.

Re:How Does Re-Registering Work?

[kspaink]

We just managed. They dumped it at 15:something, word got out, reached a netzine, somebody mentioned it to us and we pulled a credit card. 22 minutes after it was dropped, the Dutch Internet Internet Domain Registration sold it to us.

Perhaps they liked the idea of the domain getting into other hands. They had been receiving complaints, too, I assume.

Re:I agree, except it's spammers, so screw them!

[The+Cookie+Monster]

spammers don't live by moral rules so ... why should we?

We do live by moral rules, but there's little point in extending that hospitality to those who chose not to and use it to try and take advantage of those that do. Infact it is a moral duty to not extend some moral behaviours to the immoral.

For instance (to use courtesy instead of morality), a telemarketter knows that it is common courtesy that neither person hang up the phone until both parties have signalled the end of the conversation. Since telemarketters are not courteous this gives them an advantage over the courteous - the courteous person cannot hang up the phone until the telemarketer has signalled that they've said everything they wanted to (which won't happen until a sale is made).

What's a courteous person to do?
Obviously, we make the Telemarketter play on the playing field they created, by foregoing courtesy and hang up.

Likewise, for any business that will disregard a moral course of action every time a more favourable alternative is present that is still legal, it is your moral duty to ensure that you do not give that business the benifit of moral treatment over legal treatment in the situations that favour you at its expense. To act otherwise would be to give competitive advanges to immoral behaviour.

By all means, turn the other cheek in life - just don't do it for someone is counting on you to do so and will take advantage of it when you do.

Spammers should be made to play on the playing field they created.

Line

[mobileskimo]

And do tell, as an acquirer, what occurs in these businesses? Enlighten the dark spot on the presumtion that these penis enlargement, viagra sellers, fast-cash makers, go about their business without any issues with their acquirers?

Re:Line

[Michael+Spencer+Jr.]

I think I mostly already addressed that, but the basic premise is that Visa and Mastercard have rules under which fraudulent activity can be disputed. Products not working as advertised, not sold as requested, not received, etc -- these things can be charged back.

Acquirers are financially responsible for making sure chargebacks work. If a merchant charges credit cards, receives money, spends the money, and then chargebacks happen, the acquirer must charge the merchant to get those funds back. If the merchant doesn't have the money, the acquirer/merchant relationship goes into collections just like any other business that doesn't pay its bills.

Acquirers don't like when this happens. Sometimes when this happens the merchant never pays and the acquirer loses money. Acquirers try to prevent this by restricting the types of businesses they accept and having strict credit and business history requirements. Also sometimes acquirers accept "iffy" merchants anyway and mitigate the risk of loss by holding on to the merchant's money for one or more months. One acquirer I used to work for (DPI Merchant Services, in the news recently for being hacked) tended to take on the really scummy merchants -- bad credit, no credit, no problem, as it were -- they just required a working sample of the product, and made the merchant wait several months to receive their money.

So the bottom line is -- no matter what the spamming merchant is selling, it has to be selling goods as advertised and shipping them in a timely manner for their sales to happen without getting charged back. And if their sales get charged back, they don't get to keep the money. If lots of sales get charged back, they don't get to keep processing credit cards. Credit card acceptance is a privilege, not a right.

--Michael Spencer
First National Merchant Solutions
(a credit card processor or 'acquirer')
First National Tower, 27th floor
1620 West Dodge, Omaha Nebraska, 68197
http://www.foomp.com

The opinions stated above are my own opinions, and do not reflect the opinions of my employer, First National Merchant Solutions.

Re:Line

[mobileskimo]

My question was specifically...

What have you seen happen with a majority these rogue business selling enlargement and viagra? My presumption that most of these business do well? They deliver on their products and produce nothing more extraordinary in numbers of chargebacks?

Re:Line

[Michael+Spencer+Jr.]

Sorry about that -- I think I confused what you were asking about with what the original article was suggesting -- that spammers might be trying to snag credit cards to use fraudulently, not with their own merchant accounts.

I haven't noticed anything at all w.r.t. merchants selling these types of products. I don't get to see what merchants we deny merchant accounts to, and the products a merchant sells is usually not obvious from their doing-business-as (DBA) name.

My conclusions are: I probably wouldn't know anyway. If a business is established recently and these kinds of things are their only product, they might have a very hard time getting a merchant account. If an already-established, reputable business starts selling these kinds of products, I don't think we would really know or care, outside of doing risk assessments based on how many chargebacks they have.

So it seems the credit card system itself will penalize merchants for being risky, and selling a single product using spam for marketing probably makes for some interesting credit report reading. It will not, however, penalize merchants for buying a spammer's services, or for spamming.

Re:I guess... [OT]

[angst_ridden_hipster]

Yeah, well, maybe I'm just slow and/or humor impaired.

But I didn't find it particularly funny as a double entendre.

For some really good double entendres, do a Google search for "Falstaff"...

Re:sigh...

[mobileskimo]

Hehe. Ya caught me. I do make mistakes. Yes the correct word is "your".

Re:Virusesai! So Double There! :P

[mobileskimo]

Firstly to those that would rate the above as flamebait, please note the :P in the subject which is meant to be a face sticking a tongue out. In other words the comment is tongue in cheek and meant as light commentary.

Secondly, if you're "interested" (not interesting) in linguistics, then I'd expect you to understand that if someone writes a word mispelled or conjured one up, it doesn't mean they are "stupid". "Virii makes no sense"? What's your point? You don't need to establish a religious order to gratify your superiority. All you need to do is put someone else down to do that. The guy who wrote "virii" might have been silly to attempt a latin plural, but damn, cut the guy a break. LOL (This means Laughing Out Loud, meant also to be light hearted). I might laugh at the guy, but "it's all good, baby!"

Original post by Ilvatar...
The first thing that popped out on the Cyberangels site is the word "virii". Looks like there is no end to the number of stupid people in the world. First of: the Latin word "virus" means "mucus" or "slime". Which means the words do not relate. The plural of this particular Latin word is "viri". Not "virii". "Virii" simply does not exist. Since the word "virus" in its present form is not at all related to our Roman friends it is pointless to make up your own little Latin plural form. Get a clue people.


My point? "stupid people in the world" is a bit harsh for someone who used the "incorrect" word "virii". "Get a clue people"? You don't feel at all like you've slighted someone?

This is the serious meat of the matter. Attitudes. What I've learned is that it doesn't matter anymore who's right and who's wrong. Only how we treat each other. Please, I beg of you to reconsider next time you feel the urge to berate someone this way. It only encourages others to follow the example and make elitist comments. Beg I will, for pride is only an inhibitor of better understanding among us.