MXroute is unsafe for scammers

As I hope anyone familiar with us is aware, protecting our IP reputation (and therefore chances for inbox delivery of emails that customers send) is pretty much the foundation of MXroute. It’s one of the primary reasons we even exist, to solve the reputation issues that I saw people struggling with when I worked at HostGator in 2013. Well, I’ve been stepping up my game on creating alert conditions that catch indicators of spammers using our systems (the direct opposition to that effort). Today, those alert conditions surfaced an unintended case. It was a bit of a happy accident and I’ll tell you why.

When I saw a new customer sign up with an address only 15 minutes from my home, I was thrilled by the idea that MXroute had developed a reputation that finally made it back home. I smiled, did a little fist pump, and went about my day. Unfortunately, my little celebration wasn’t earned. When the alert conditions surfaced this account, I did what I always do: a quick glance at relevant SMTP logs to make sure this customer wasn’t sending spam. They weren’t, but it was actually worse.

They had impersonated a neighbor with deeply personal details, extending far beyond simply choosing a name and address. They had impersonated this person’s identity down to family-owned property, and even that person’s business by registering a typo-squatting domain. They then added over 100 domains to their account that were all slightly adjacent to real businesses, but none of them had a website. They were signing up for credit cards under a wealth of identities, even going as far as to register accounts with US federal government agencies to impersonate people at that level (more than just my neighbor, other people as well). Looking at login history, it turns out that every single login of theirs came from residential proxies (botnet or networks sold for bypassing abuse detection algorithms) or obscure VPNs (maybe Tor). For me, that was enough to move forward.

So I did a bit of recon and found a reliable way to get ahold of the person that this user was impersonating when they signed up with us. We emailed back and forth a bit, of course leaving out any customer information other than to say “Someone claiming to be you signed up with our service, have you been experiencing any signs of identity theft recently?” Anything more than that would require a valid subpoena. We escalated to a phone call where I briefly got to know a bit about the person, and he about me. We easily concluded that he is not an MXroute customer, giving me everything I needed to know to draw my conclusion. It was plainly evident that this guy is going to be answering questions from law enforcement about this account at some point in the future, so it’s good that he at least be made minimally aware of that.

Now, I’m not one to just go looking for problems where no one or nothing has alerted me to any, but when someone like this utilizes an internet platform to perform scams of this magnitude, the first question plenty of people ask is “How could you let this happen on your platform?” The answer is usually because they’re not making any effort to protect their platform. I am. That’s the job I asked you to pay me for, and you do.

That user’s account details, data, and logs have all been archived, encrypted, and placed in cold storage as we wait for law enforcement to contact us and send a valid subpoena.

The thing is, when you try to run these scams on MXroute you should count your blessings if you get a chance to clean up the evidence before you get caught. MXroute is for real, good, hard working people. It is not for people who prey on and rip off those good, hard working people. If that is your goal, I want you to see this here in public today: MXroute is not safe for you. And that’s precisely why it’s safe for everyone else.

And no, this post wasn’t written by AI. It wasn’t edited by AI. It wasn’t proofread by AI. I only ever seem to meet an accusation of using AI at the precise moments that I’m not using AI.