The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spying on a customer e-mails, is it possible ?

Discussion in 'E-mail Discussions' started by mpierre, May 7, 2003.

  1. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    I have a customer I suspect is using his account to commit credit card fraud.

    I would like to get a copy of all received and sent e-mails from his domain, to store them in case I should contact the authorities to report him.

    However, the only e-mails I can read, are those in his inbox before he takes them, and he takes his e-mails every minute ( which I allow ), which doesn't leave a very good picture of what he does.

    I know I can setup a forwarder to another e-mail address in the email configuration file, but that fowarder will be shown in the Cpanel forwarder config for his domain.

    He does setup forwarders frequently ( adding new names and removing old ones ), as his frauds continue.

    As for catching the e-mails sent via my SMTP server, I have NO idea where to start to get a copy !

    Of course, I don't want to get copies of ALL the e-mails sent and received on my server, but if it is that it takes, I could always do it...

    Problem is not only that I am afraid I will get a warrant for his e-mails, but also that I would prefer to stop him BEFORE such a warrant arrive and be prepared to cooperate with the authorities.
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    You can't lawfully do what you are suggesting. Taking matters into your own hands is illegal. If anything is going on, just wait for the warrant.
     
  3. vishal

    vishal Well-Known Member

    Joined:
    Jan 28, 2003
    Messages:
    340
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Re: Re: Spying on a customer e-mails, is it possible ?

    This is very correct. But i would suggest that if the client is doing something illegal then u must look into this.

    AFAIK use Exim filter for doing what u want. see /etc/vfilters/hisdomain.com and put the exim filters command there to forward the mails to your account.

    Search EXIM FILTER

    Regards,
    :D
     
  4. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    It is not a matter of taking justice in my own hands !!!

    You are avoiding the question...

    1 - It is MY server, so it is within MY rights to check e-mails for violations.
    2 - If a warrant DOES come in, I don't have ANYTHING to report... since I don't have a logfile of all the e-mails that came in.
    3 - I am not in the US, laws are not the same here

    In the US, the law protects communication carriers so that a host cannot be made responsible for the crimes of it's clients. Here, the laws are not as clear, even thought there are protections...

    It could cost me money in lawyers, just to clear things up !

    4 - I am not asking if I can legally do so, but rather if I can technically do so.

    There is a HUGE difference.
     
  5. vishal

    vishal Well-Known Member

    Joined:
    Jan 28, 2003
    Messages:
    340
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Whom are u pointing this post to ?

    Have read whatever i posted?
    use Exim Filter and that will give u what u want ok!

    Regards,
     
  6. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    Sorry... I was typing my reply when you posted yours !!!

    So, my reply is below yours, but is directed to the message before yours !!!

    I am currently investigating the exim filter files, as you suggested !
     
  7. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    Fair enough. Just make sure that in your Terms of Service that your customers know that you are reading their email.
    Incorrect. You have your mail logs which are usually enough. If a government agency wants proof, they will ask for your assistance in collecting evidence. Collecting mail prior to this point is violation of any decent privacy law.
    I'm not either, so let's not make assumptions.
    The same would go for mobile phone providers, mail carriers, etc. Your point is invalid. Do you really think that mobile phone providers simply start recording phone conversations because they think something illegal is going on? No, they wait for a warrant.
    Sure it's technically possible to trap the contents of both incoming & outgoing mail.
     
  8. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
     
  9. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    If i was you i would start by looking in /var/spool/exim/input. There is always some kind of bounced email that is just sitting in the queue undeliverable for one reason or another. I have at least 1 or 2 msgs sitting out there daily and i do look at them from time to time. It my responsibility as the server owner to keep my server and my users in check at all times. See whats out there and see if you can find something from your suspected user.
     
  10. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    This is actually how I managed to figure out he might possible be frauding...

    I saw in the list of queued messages something odd that could possible mean a fraud attempt.

    But it might be someone trying to use his domain name to make the fraud.

    In any case, it is only by getting the e-mail he does send that I will really know what he is doing...
     
  11. Tom Pyles

    Tom Pyles Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    I'm not sure what country you are from, but you are worried about getting in trouble for NOT spying on your client? If the guy is committing fraud, what kind of trouble do you think you would be in when you are asked how you found out about it? To top it off, what if the guy is not committing any crime and you snoop through his mail? Also, what about any outside issues...suppose he is selling something and a client has (stupidly) mailed a CC number....at that point, you would have a credit card number in your possesion for a transaction that took place between your client and his client.

    I'm not trying to come down on you, but I think you are really opening yourself up to a lot of troubles by going through your clients mail.

    I understand your intent and if you are worried about getting into trouble for not doing anything, then I would make an attempt to do something. Obviously you have a reason to believe he is committing fraud. Could you go to the police yourself and tell them what you know? They can decide if there is something to go after....if not and they don't do anything, you will have that in your favor if something were to happen later ("I suspected something and went to the police...they said there was no crime being committed'). If there is enough for them to look into it, then they can issue whatever they need to so you can do what needs to be done.
     
  12. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    Don't get me wrong, I do understand all of that !!!

    But the police will most likely not do anything, out of lack of proof unless I do have e-mails to show them.

    As for only protecting me, it's that I am sick of all the frauders out there who think that the Internet is a perfect shield for their crimes.

    I got for 600$ of chargeback in the last month because
    some guys used a stolen credit card to order hosting.

    What's worse is that since I validated for them that the
    card was good, they probably ordered other merchandise using
    the internet and the e-mail addresses I supplied them, thinking
    they were good clients.

    I contacted thr US secret service, and they are grateful
    for the help, but no one will remimburse me the 600$ of
    chargeback nor the 200$ of chargeback fees...

    My client who I suspect might have used a stolen credit card
    to order ( in which case it will be another chargeback )
    and appears to be using the domain for committing more
    frauds ( possible paying for Ebay auctions, etc.. ).

    I don't just want to protect myself, I want these guys in
    jail, and I don't want other merchants to pay for the chargebacks,
    like I was forced to pay,because in the long run, it is always
    the merchant or the customer that pays for the fraud.

    Waiting for the warrant is like saying "I am not frauding myself,
    so **** the other merchants".

    Banks won't do anything, Credit card companies are not doing
    anything. I sure won't sit on my back while I might save a merchant
    the money.

    In my case, the 600$ I gave back wasn't that bad, because it was
    only hosting and a few domain names.

    But if it had been 600$ of hard goods, I would have lost the
    merchandise AND the money of the merchandise.
     
  13. Tom Pyles

    Tom Pyles Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    Please know that I understand the dilema...We get it to, and we do our part at fighting fraud and get frustrated with some of the results. My post was more of a warning that you could get into serious trouble. Thats all I was getting at. Another suggestion then....if you believe they signed up with a fraudulent credit card to use your services...has anything come up with your own research? I find that all fraud orders that get through our system are using the stolen credit card victims address and phone. You should be able to work off of that.


    My point wasn't to lecture you about it because I'm sure you've thought about it....I'd just be careful...
     
  14. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    Thanks... I understand what you are trying to do...

    I do try to call the phone number of the credit card, but NEVER get an answer, not even an aswering machine !!!

    So, I am not better off...
     
  15. mcstoner

    mcstoner Member

    Joined:
    Sep 26, 2003
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    in reply to trapping fraud

    The difference that needs to be clearly defined is legal and ethical.

    It is legal to review any material stored on your servers, including the content of email messages being sent through your equipment.

    It is UN-ethical to do so without warning your customers that it may be done.

    We clearly put this is our TOS for all customers, if they don't like this, they are free to NOT use our services. Our lawyers have informed us that there is currently no specific laws regarding the reviewing of email content, once it arrives on our equipment.

    This is not to say that you can't get sued. In the US you can SUE anyone for just about anything, it doesn't mean you will win.

    cPanel.net Support Ticket Number:
     
  16. andrewm

    andrewm Member

    Joined:
    Sep 27, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Suspend his account for TOS violations.

    cPanel.net Support Ticket Number:
     
  17. christi1

    christi1 Well-Known Member

    Joined:
    Oct 20, 2003
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Texas, USA
    If ONE client caused me that much stress, it's a single click to shut him down and tell him to go elsewhere.

    If you want an easy out, email him and tell him you're going to be increasing your rates by 50% to cover more bandwidth, new toys, whatever.

    Then he'll move on his own and your stress is gone. No amount of money, even recurring, is worth that much aggrivation.
     
  18. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    It is not that simple...

    In Québec, consumer protection laws are rather strong.

    In any case, client was found to be ok, but one of his scripts was abused...
     
  19. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    Forgive me becuase I have not read entirely this thread word for word but I need to jump in with my 2 cents worth.

    Back in January 2003 I had a similiar thing happen. Yes is illegal to watch email that doesn't belong to you. However we do it all the time when we admin servers. We have to. It's our job ..and yes sometimes we read the content of emails to decide let's say a email is junk and where it could be coming from. The law in general protects people. But no court is going to do anything to a server admin for watching mail. They may not be able to use the data collected in court becuase the mail box owner was not aware he was being watched ..but the the evidence can certainly help the authorities catch and gather other evidence after the warrant.

    If you think about it ..it is your moral obligation to keep an eye on users. and you know what .. most of us run backups ... all of us have tons of mail copied in our backup drives anyway. Does that mean we are breaking the law.

    My situation .. well lets just say I got a nice "pat on the back" for what I went out of my way to do the right thing.
     
  20. ckizer

    ckizer Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    16
    First of all if you have a user agreement then it's probably legal (maybe not ethical). Most generic user agreements or once ripped from somebody else provide you the right to monitor all communications on the network. It's handy to know the exim filter file because if you become large enough you will be contacted (about one of your users) and be asked to monitor them by the FBI or US Marshals. It's happened several times with the companies I work with. Sometimes they just want access to the files, but other times they ask you to monitor the email and forward any communications.

    In this event the exim filter file can be used.
     

Share This Page