The times may be changing. This web site is no longer maintained and may be outdated. It is retained primarily for historical reasons.
«The history of a spamhaus exposed»

>> Analysis of incoming mail

On July 3 2003, was re-registered by, a Dutch foundation fighting spam. Previously, the domain was owned by the company Cyberangels, who have been majorly involved in spamming. They felt forced to drop it when the ground under their feet got too hot. (The history of that affair is listed on our main page.)

Since MX-records for now point to too, we get all their mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of a day? By now, we have a very precise answer: 6305 mails. Here is the breakdown of those mails.

  1. Introduction: 6305 mails in (basically) one day
  2. We received 5880 bounces and forwards
  3. We received 12 spams for @cyberangels
  4. We received 40 attempts to annoy Cyberangels
  5. We received 371 complaints about Cyberangels
  6. We received 2 business mails, one of which was addressed to Later, another mail addressed to martijn@cyberangels arrived, plus a third mail addressed to (apparently a .forward for

>> Introduction: 6305 mails in (basically) one day

Twenty minutes after Megaprovider asked its registrar to drop the domain on Thursday, 03 Juli 2003, (a Dutch anti-spam foundation) obtained it. We wanted to make a website logging the affair, but most of all we wanted to prevent the spammers from ever getting the domain back again.

As a bonus, mail started pouring in Friday morning, when the NL-zonefiles were updated: the MX-records of were now pointing to us. (We made a catch-all for all adresses.) The first few hours, literally thousands of mails reached us: 5919 mails, most of them forwarded bounces. By now, the avalanche has dwindled to a trickle. What we receive now is mostly complaints.

Until now - 06-07-2003, 23:00 GMT+1 - we have received a grand total of 6305 mails. The oldest is dated Tue, 24 Jun 2003 01:10:17 GMT+1, and the bulk of the mail was sent between 01 July and 04 July 2003.

>> We received 5880 bounces and forwards

Apparently, Cyberangels - or one of their buddies hosting a website on their servers - sent a number of spamruns purporting to be from e-mail addresses not within their domain. Some of these addresses may have been real, others may not have existed.

Of course, the bounces of the spam run started arriving at these addresses. Either the people involved or their providers created .forwards, so that all these bounces ended up being redirected to With two accounts ( and all other spam received on them seems to have been forwarded to

Only one postmaster forwarded non-deliverable spam for his addresses straight to Those spam mails, incidentally, looked like they were sent by

Here's a short breakdown of what these abused addresses forwarded. We suspect that they must have received many more bounces on behalf of Cyberangels, and we offer this breakdown as an example of the abuse that spammers create:

abused provider abused account e-mails between rjnr 3059   24-06 / 04-07-2003 0005644986 2240   29-06 / 04-07-2003 livenlearn13 527   29-06 / 04-07-2003 20   30-06 / 07-07-2003 20   01-07 / 05-07-2003 frederickatingle_up 6   02-07-2003

Additionally, and as a further annoyance, these addresses were now in quite some people's mail folders. Thus, they received some virii when a spammee was infected. Those got forwarded, too:

abused account virii 4 2 1 1  

If in one day ba@cyberangels receive almost 6000 mails from people who are smart enough to figure that they get bounces because their addresses have been abused by a spammer and who then proceed to redirect those bounces, you can begin to image the volume of bounces that spamruns create, of the sheer volume of those spamruns themselves, and of the that traffic spam creates for decent providers.

>> We received 12 spams for @cyberangels

Both ba@cyberangels and ripe-contact@cyberangels recieved some spam:

  1. Mr. RASHEED BELLO sent ba@ six Nigerian scams;
  2. spammed four times with something rather illegible;
  3. Mr. Ken Titoh was hoping to assist Mr. RASHEED BELLO;
  4. Somebody believed that a Cyberangels' dick was too small.

>> We received 40 attempts to annoy Cyberangels

Some people tried to get rid of their annoyance. We recieved:

  1. 2 attempts to subscribe ba@cyberangels to a gay magazine;
  2. 6 spams by about autoresponders, with a 1,3 Mb file called '' attached (5 of these were sent to ripe-contact@, 1 to;
  3. 14 messages indicated that somebody had been 'spamming' in Cyberangels' name. We received received 14 'address incorrect' e-mails, bouning to the 'original' sender;
  4. 18 'autoresponder' messages purporting to be sent from ba@ to support@, containing a link to a 'spamming is baaaaaad' page .

>> We received 371 complaints about Cyberangels

... In reply to which we have sent 132 letters explaining the new situation. We received two positive replies to that, and five bounces - apparently, some people regarded our reply to be spam.

146 of these complaints were not about spam but about (repeated) port scans. Some people complained about having been port scanned for weeks, or referred to previous complaints that they had lodged.

>> We received 2 business mails

  1. 1 announcing that a request to cancel the domain has been received by's registrar;
  2. 1 other mail, enquiring about hosting services and addressed to

>> About

> Contact:
> news and announcement page
> Board, volunteers and statutes of