Spamfighters Get A Hold Of Spammers' Incoming Mail
Karin Spaink writes "On July 3 2003, cyberangels.nl was obtained by Spamvrij.nl, a Dutch foundation fighting spam. Previously, the domain was owned by the infamous Cyberangels, who are majorly involved in spamming. Cyberangels felt forced to drop the domain when the ground under their feet got too hot after BBC journalist Andrew Bomford connected Dutch ISP Megaprovider to Cyberangels. Since the MX-records for cyberangels.nl now point to spamvrij.nl too, they get all Cyberangels' incoming mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of three days? By now, they have a very precise answer: 6305 mails. Spamvrij.nl published an analysis of those mails on its site."
that they are getting many eCards of sympathy from other spammers? In that business, I would be surprised if they didn't try to sabotage each other now and then.
One line blog. I hear that they're called Twitters now.
These guys are entitled to wear the "I read your email" tshirts.
Or at least immoral? I don't think "the end justifies the means" is really a valid defense, especially as there's no "end" in this case. They are just reading someone else's email. And "White hat hacking" doesn't apply either, as that refers to people who are asked to break in to a computer to test it, not vigilantes like our own Fyodor, who use their skills to merely harass people that annoy them.
Lemme check my email...OH MY GAWD!!!!!
How many of them do you suppose answered the ones for discount Viagra and penis enlargement? Oh, wait, nevermind...
Be excellent to each other. And... PARTY ON, DUDES!
2 attempts to subscribe ba@cyberangels to a gay magazine;
The trolls strike again!
--------
Free your mind.
This is probably one of the best news stories I have seen on /. in a while. I went ahead and sent a link to everyone in my address book. Matter of fact I sent it to them all 3 times and then sent 1 additional message advertising how I made 55 thousand dollars in 2 hours. Now if I only knew these people in my address book.
Everyday You see me is the worst day of my life -Office Space
Hmm... My employer's domain filter won't let me browse through this one.
I guess I'll simply check my mail to see what these spammers are up to today.
6305 incoming emails and not one of them contained an order or anything else positive.
So, lessons to be learnt here if you're a spammer:
1. Give up - it's clearly not worth the effort; or
2. Keep at it - if at first you don't succeed, try again!
Now if only we could somehow get them all to learn lesson 1 instead of lesson 2 then we'd be home and dry.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
...what kind of mail does a major spammer receive in the course of three days? By now, we have a very precise answer: 6305 mails.
They are wrong. Look in the page linked:
Introduction: 6305 mails in (basically) one day
"...a generation of kids has grown up thinking Trance is the shittiest music since country and western." - Paul van Dyk
It's all about a young guy called Martijn Bevelander, there is a lot of press now here in Holland because the net is closing around him. Hope he gets banned from the Dutch Internet provider group and his company stops.
Latest news (in Dutch):
http://www.webwereld.nl/nieuws/15564.phtml
"Introduction: 6305 mails in (basically) one day
;-)
We received 5880 bounces and forwards
We received 12 spams for @cyberangels
We received 40 attempts to annoy Cyberangels
We received 371 complaints about Cyberangels
We received 2 business mails"
In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars!
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I'll bet that about 90% of the email is some variation of:
IF I EVER MEET YOU I WILL KICK YOUR ASS
Is how few emails were for business. I assume this category would include responses to spam. Maybe I do not understand the story, and the CyberAngels people were merely responsible for sending the spam (for other people), and if anyone responded to the offers in the mails it would go to a non-CyberAngels address. Or possibly redirected to a website, where they could make a purchase. Yeah, as I type out my thoughts, the reason for the dearth of business emails becomes clearer.
I had hoped for some accurate stats on the actual response rates to spam. I have heard rumors flying around that they are insanely low, like .0003%, and insanely high (compared with other forms of direct marketing), like 5%. People can argue for one side or another, but I need more evidence than conjecture to begin to understand the problem. If the response rate is already very low, then relatively simple technological solutions would probably suffice to drive them low enough to make spam unprofitable. If the response rate is high, it is going to take a lot of effort to fix this problem, possibly involving a redesign of the email system.
Glad to see these spammers were shut down, but we need more insights into the way they operate in order to shut them all down.
6000 emails in 3 days? That doesn't sound like nearly enough for a serious spammer. I had a web server compromised by a spammer last year and I received more than 6000 bounce-backs in less than three days before I found the hole and patched it up. It seems to me like a professional spammer would have several servers at several IP's and get way more spam than that. Especially when you include complaint email.
Sigs are out of style, so I'm not going to use one...oh wait..
They've done a nice job of analyzing the residual influx of email, while not airing all the dirty laundry. They didn't post a complete session log, so there's no information that may get folks upset. The last business email listed as "1 other" is probably sensitive, and shouldn't be posted on the web (though sending them a "we know who you are" message may make them think twice about using spam in the future.)
Spammers interest me, I hate them. But I do wonder how much the company buying the spamming service actually gets to earn in the end. For once I contacted a company about their wonderful product, and said I was interested in buying some. My idea was to get hold of a real life person, to send my "I live in a country where it's illegal to spam people, so you guys have broken the law!".. But of course I didn't mention that in the "interested in your products" mail I sent them (to their official sales email from their site).. Now what really makes me confused is that they never wrote anything back.. So..
1. Spam me
2. Ignore me if I want to buy their product
3. ???
4. Profit!
"2 attempts to subscribe ba@cyberangels to a gay magazine;"
Yep, it seems that at least two people on the Net know how to fight back, the old "hey, let's sign up the ripe-contact email address for gay porn magazines" routine. Gets 'em every time.
IGB: More fun than eating oatmeal!
The sheer volume of messages must mean that most spammers are out for only one thing: credit card information. And the best way to get those is to run some scripts to strip out the necessary information. I cannot believe that they can take the time to actually parse out the information by hand, figure out which non-existent product they are selling, and sell anything. 6,000 per day would be 8 seconds per message in a 12-hour day, more or less. I have heard that 40-60 percent of spammers never ship any product, just take a bite out of your credit card and move on. This goes a long way toward confirming that suspicion.
Since the header shows a return email address that doesn't belong to the spammer, the bounces go to compromised servers like yours was and people who get sent the spam usually can't figure out who to complain to. There's little reason for a spammer to accept incoming email, so they probably don't have any email addresses on their websites and email harvesters don't send them spam.
What I can't believe is that they didn't get more *dictionary* attacks than that, I mean, ba@cyberangels.com should have gotten spammed like crazy with such a short username.
Could it be that since they have so little non-spam-related activity that spambots didn't up the domain? I'm completely guessing here, but the ratio does seem incredibly wrong.
-Looking for a job as a materials chemist or multivariat
I'm pretty happy about that. According to an article in The Register, One of the board members of spamvrij.nl is Karin Spaink, very likely the same Karin Spaink who has been involved in the battle against $cientology.
Taking on spammers and $cientologists. Damn. She's got guts.
I think the word we have for that is actually 'sabotage'.
The text says that his teachers predicted he would end up in the gutter. At age 16 he started his own Internet company. "If I end up in the gutter, it will be my gutter!", he defiantly said.
I guess his teachers were right after all...
One line blog. I hear that they're called Twitters now.
rtfa:
if in one day ba@cyberangels receive almost 6000 mails from people who are smart enough to figure that they get bounces because their addresses have been abused by a spammer and who then proceed to redirect those bounces, you can begin to image the volume of bounces that spamruns create, of the sheer volume of those spamruns themselves, and of the that traffic spam creates for decent providers.
translated:
This is not from normal bounces, this is from people whose e-mail was abused and set a forward on the bounces to cyber angels, OR (less) from people who had more intelligent bouncers, and bounced to the correct domain.
So this is very very small percentage of the total e-mail sent.
It works so well that even slashdotters are rushing to read spam mail =)
I can count to 1023 on my hands. Ask me about #132.
Did Mr. Joseph Otumba from Nigeria get my response?
... like me, you read the following line:
Somebody believed that a Cyberangels' dick was too small.
as:
Somebody believed that a Cyberangels' disk was too small.
I was like wtf? Disk too small? Not enough space in the /home directory? Swap space problems?
Then, I re-read the line, and I went:
Oh, THAT thing is too small... =)
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Friday morning, when the NL-zonefiles were updated: the MX-records of cyberangels.nl were now pointing to us. (We made a catch-all for all adresses.) The first few hours, literally thousands of mails reached us: 5919 mails, most of them bounces. By now, the avalanche has dwindled to a trickle.
...
... that looks like more than two days and less than four to me!
Until now - 06-07-2003, 23:00 GMT+1
Friday was 04-07-2003, 6305 messages received on the 4th of July, the 5th of July and the 6th of July
Love this part of the analysis:
Both ba@cyberangels and ripe-contact@cyberangels recieved some spam:
1. Mr. RASHEED BELLO sent ba@ six Nigerian scams;
2. @yahoo.com.cn spammed four times with something rather illegible;
3. Mr. Ken Titoh was hoping to assist Mr. ERASHEED BELLO;
4. Somebody believed that a Cyberangels' dick was too small
That only 12 out of 6305 emails they received were actually spam (i.e., 0.2%)! Actually make that 11; I'd guess a spammer would likely be an opted-in and interested customer as regards penis enlargement.
Plays violent online games as: Nerfherder76
I have my own home domain which was setup shortly after college and used (then) to just keep communicating with distant friends. Back in the day UUCP was how it was done for $15/mo which gave me 3 hours of transfers before I had to start paying extra.
BECAUSE of the spammers I did have to pay extra. Long ago went to broadband type connections starting with ISDN (still backup and my only phone lines) to 10Mbit wireless uplink today (sweet). Funny, but I am STILL paying for the bandwidth and SPAM still annoys the hell out of me personally.
So -- to get it under control I baited the spammers (and still do :). Hundreds of non-existent users to just harvest spam. Any USENET type postings have a good email for about a week (if at all) before harvesting. Hell, I even like to add in users where they attempted "bob@" that didn't exist.
Me, myself, and my wife -- here's my stats for the entire month of June:
Outbound (work): 60 (1.74%)
Outbound (personal): 49 (1.42%)
Notes to myself: 89 (2.58%)
Inbound to me: 422 (12.24%)
Inbound to the wife: 14 (0.41%)
System messages: 68 (1.97%)
System ERROR codes: 2 (0.06%)
Just TESTING: 7 (0.20%)
SPAM TRAPPED: 2738 (79.39%)
TOTAL EMAILS: 3449
Um, Houston ... we have a problem.
They didn't hijack the domain.
But receiving and publishing private correspondence that's destined for someone else is not. When you purchase a domain someone else used, it's NOT the same thing as purchasing their business from them.. it doesn't automatically entitle you to anything.. other than the domain.
Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.
We're not the only country with legal porn and prostitutes I suppose.. although the world famous 'window shopping' in Amsterdam might be rather unique. And for Amstel, well that should be illegal. There's much better beer than that, both in The Netherlands and Belgium.
On a different subject, Karin Spaink was mentioned to belong to the anti-spam group. She is also the one who won the lawsuit that Scientology started against her for publishing excerpts of their trade secrets on the web.
Spamfighter gets hold of spammer's inbox. 99% of it is junk. 1 e-mail is of minor passing interest.
If that's not possible, couldn't someone just host a database that users could add the name (+address/phone info), url, and offending spam-message to? That way an organized boycott/reverse spam/snailmail campaign could be lodged against those who pay to clog the internet with their muck? I couldn't have been the first person to think of this...perhaps something like this already exists?
There is no gravity...the earth just sucks.
I have a question. What occurs to credit cards and payments that scammers receive from their customers?
Spammers are by no means stupid. Above all things they MUST get their money, otherwise none of this is worth doing.
So if the scammers are getting their money, the credit card companies pay them. If the credit card companies pay them...
[1] We have a breach of trust between the credit card companies and the customers. CC companies are not doing their due diligence in brokering payments for product/services. CC companies are issuing clearance of charges to unscrupulous people. We are entrusting them with our financials (whether we choose to "fraud-notify" them or not). They have all the information, both the consumers and the scammers.
[2] The customers complain they never got their product. Report fraud. The credit card companies remove the charge, investigate it or not. This increases cost/risk for the CC companies. Higher interest rates? More cooking the books?
Why is nobody investigating the money side (IMHO the lifeblood of this business) of this problem? As long as we concentrate on the technology, we'll always be distracted from the real solution. It's all about the money in the end.
Anonymity
+ Privacy, Sharing, Voice
- Scams, Theft, Hit/Run
We asked for it.
"Last one in is a rotten goblin!" - Kepp
Actually, we had one already - which is analysed at http://www.cyberangels.nl/evidence/mailmartijn.html, and only now two news mails arrived. Check the mail analysis page for updates.
I write, therefore I am:
http://www.spaink.net/
So 6305 mails in total, one of which was a valid email from someone wanting to contact them.
Signal to noise ratio of 1/6304
So how is this different to anyones email these days?
Pascalstraat 17
2014KZ Haarlem
(The Netherlands)
Tel.023-5101094
Fax.023-5441982
If you want to give him a call (for example, to explain your appreciation for that penis extension), remember that the country code for the Netherlands is 31.
This is a company address, so you won't actually disturb his neighbours or his cat or something.
Shutting the spammer down took about a month, but ultimately was successful. I got their 24 porno sites, two fake billing sites, and a few other related sites kicked off ISPs from Sao Paulo, Brazil to Brooklyn NY to St. Petersburg, Russia, where they actually were. They've been down for months now, and they are staying down. They don't seem to have come back under a different name; searches for their subject matter in Google come up empty.
I had the advantage that I own "Downside" as a registered trademark. This gave me some legal leverage.
One useful tactic was to report phony domain registration info to ICANN. Some domain registrars will then lock the domain against changes until the domain owner provides them with valid ID info. If you do that, and you then get them kicked off an ISP, their domain is locked to an ISP that won't host them, and they can't fix it without disclosing their identity to their registrar.
In this case, the spammer had their own DNS server, so they could quickly move their sites from ISP to ISP. But I managed to get all three of the domains that handled their DNS queries locked, then kicked off ISPs, which took down their entire set of sites.
It turned out that the CEO of their ISP's upstream provider in Russia was somebody I knew from the 1980s, so I was able to get even a Russian ISP to cooperate.
You don't have to sit there and put up with this stuff. You can fight back and win.
They list one email as being particularly interesting, as copied below.
For me, the really intriguing bit is that they talk about "hosting" a lot, so much so that it appears to be a codeword for "spamming". It's a fairly obvious thing to do for someone who makes their money off spam - try to keep a low profile and not discuss their business openly.
Check out this page and scroll down to the link labelled Commentator: Telemarketer's View. This woman actually considers the people who hung up on her to be rude. Given that there are so many fraudulent telemarketers who record everything you say and edit together a tape that has you agreeing to buy a three-year supply of alligator repellent, we have to assume that all telemarketers are criminals and that it is unsafe to say anything to any of them. Hanging up on them is simply self-defense. Since telemarketing is even more intrusive than spamming, I don't think anyone will mourn it if it passes without harsher measures.
Regardless of the payment type, I would expect any institution responsible for the brokering of money to have information about the buyers and sellers of said services or products.
Stocks have their regulations and their governing bodies. Banks for Direct Debit are ultimately responsible for who is making withdrawals from our checking accounts. Paypal must eventually disburse payments through something similar.
My point: I'm ready to start pulling all my money out of banks. I've already canceled 2 out of 3 CCs due to unscrupulous behavior of merchants. One was charging me a monthly. When I tried to track it down I got nowhere. I called them up and they couldn't even tell me what products or services they sold! How the hell did my CC validate a purchase without knowing what business these pogos were in? There is no way to block a merchant from issuing a purchase. You can only declare purchases as fraud. Who wants to do that every month? The other CC I canceled, I did so because I started receiving a lot of those class-action notifications against them. Hopefully if enough people react similarly, some money hungry executive will start asking why he's seeing a decline in membership. If consumers sit on their fat ass and take it as business as usual, we will continue to see ripoffs.
Some may say the CC are not at fault, but I say they are at fault for not knowing who these merchants are and allowing them to bill consumers. I can no longer trust banks to act in ANY small interest of the consumer.
My conclusion is these spammers are being protected by the prince of darkness. MS and gov chasing phantoms at the misdirection of those that know better, may prolong this war for the profit of all involved. Not for any silly naive principle any of us are hoping for. Shed them.
"Last one in is a rotten goblin!" - Kepp