Jump to content
Sign in to follow this  
l008com

How did they get my emails?

Recommended Posts

OK this question is the most basic. How did the spammers get all 15 of my email addresses? I've been very careful about not posting any of them on the web. I've always very careful to check the "don't spam me' box when I'm signing up for things. Where are they getting my addresses from? What are some ways I might not be realizing? From time to time I do google myself and find an email address or two listed on some random web site for some random reason, and I always contact them and have them remove it.

What do you think?

Share this post


Link to post
Share on other sites

OK this question is the most basic. How did the spammers get all 15 of my email addresses? I've been very careful about not posting any of them on the web. I've always very careful to check the "don't spam me' box when I'm signing up for things. Where are they getting my addresses from? What are some ways I might not be realizing? From time to time I do google myself and find an email address or two listed on some random web site for some random reason, and I always contact them and have them remove it.

What do you think?

Are all of those addresses in your address book? (Virus on your machine)

Are all of those addresses in anybody's address book? (Virus on someone elses machine)

Are all of those addresses with only one domain? (dictionary attack)

These are just the first few possibilities that come to mind.

Share this post


Link to post
Share on other sites
Are all of those addresses in anybody's address book? (Virus on someone elses machine)
Actually, it's not necessary to be in the other person's Address Book...it used to be that way many years ago, but now, all that's necessary is for them to have received a message containing your address anywhere in the headers, even in a large group of CCs, and that they didn't delete the message, or didn't empty their trash.

DT

Share this post


Link to post
Share on other sites

And even worse, in the last few years, some of the virii/trojans/whatever have even taken to simply sitting back and watching 'everything' flowing by, snagging anything with an [at] sign in it .. coming in, going out, doesn't matter .... as far as 'scanning' files, being limited to just the address book was removed eons ago .. some of these bad things scan all kinds of files, again, looking for "anything" with an [at] sign in it ...

Share this post


Link to post
Share on other sites

I've always very careful to check the "don't spam me' box when I'm signing up for things.

Which does not mean much. Respectable companies will of course honour your request, while other, less reputable companies won't care about it or sell your addres to spammers.

Another often overlooked possibility: Respectable company goes bankrupt, contact database is sold with other assets, buyer is... you get the picture...

That's why single-use, throw-away accounts are so useful ;-)

Good luck,

A. Friend

Share this post


Link to post
Share on other sites

That's why single-use, throw-away accounts are so useful ;-)

Who has the best single-use, throw-away e-mail accounts? I couldn't find any consistent reviews using Google.

Share this post


Link to post
Share on other sites
Who has the best single-use, throw-away e-mail accounts? <snip>
...Not sure about the best, but I see sneakemail (sp?) mentioned frequently. SpamCop e-mail service also has them, I believe.

...Happy hunting!

Share this post


Link to post
Share on other sites
SpamCop e-mail service also has them, I believe.
No, I don't think so. SC email customers can create and infinite amount of *custom* addresses by adding a "+" and a value to the username portion of their address, but mail sent to those addresses all comes to the single associated mailbox, and IIUC, can't be blocked based on the address used.

So, for a purchase, if I created:

username+onlinecutlery (at) spamcop.net

that would route mail to:

username (at) spamcop.net

but I don't think I'd ever be able to "throw it away" and block all mail sent to that custom address. Sure, I could create *filters* in either my SC webmail interface or my local mail client to detect that string in the address headers (unless the address is BCC'ed and not explicitly in the headers), but then the messages would still be getting through, but they could be automatically manipulated/filed/etc. once received.

Please correct me, anyone who knows better.

DT

Share this post


Link to post
Share on other sites

That is correct. I use it to identify who may have sold my address except many online forms do not accept the + as valid.

Share this post


Link to post
Share on other sites

I recommend Sneakemail ( http://www.sneakemail.com ). I've been using it for a couple years, and my spam volume would be at least double or triple if not for that. Limited accounts (bandwidth limit only i think) are free. You create unique forwarding addresses (i.e., they redirect to your real address), and have a 'desktop' for managing them. So, each time you sign up with a company you're unsure of (or every company, if you want), pop over to sneakemail, create a new address (pretty quick process), and use that new one. You now will know if spam ever comes from that company, or as a result of their actions, because all email to you through that forwarding address will be identifiable to them. I've had 3/4 addresses scraped/sold/etc, in the years I've been using them. Posts about one of these Here.

Edit: link fixed.

Edited by Jank1887

Share this post


Link to post
Share on other sites

I recommend Sneakemail ( http://www.sneakemail.com ). I've been using it for a couple years, and my spam volume would be at least double or triple if not for that. Limited accounts (bandwidth limit only i think) are free. You create unique forwarding addresses (i.e., they redirect to your real address), and have a 'desktop' for managing them. So, each time you sign up with a company you're unsure of (or every company, if you want), pop over to sneakemail, create a new address (pretty quick process), and use that new one. You now will know if spam ever comes from that company, or as a result of their actions, because all email to you through that forwarding address will be identifiable to them. I've had 3/4 addresses scraped/sold/etc, in the years I've been using them. Posts about one of these Here.

Edit: link fixed.

The only problem I have is remembering my desktop login when away from home. I only have a couple of sneakemail addresses in circulation. Using only a spamcop address for the most part has done quite well.

Plus, I like reporting, so I need the spam ;)

Share this post


Link to post
Share on other sites

I just got a spam using a friend's name in the forged address, it was directing to My Canadian Pharmacy, which I've had countless spams linking to, always with a different URL but same page layout. Does this mean someone is looking at my emails and harvesting legitimate names to fool filters? And if so why?

The person whose name has been used is understandably concerned. I traced the sender to mx2.1-toit-o-soleil.com, which is located at amen.fr who have responded they are looking into it. The forged address was 1000deaths.com, a suicide support site which is currently down. Should I be paranoid????

Share this post


Link to post
Share on other sites
I just got a spam using a friend's name in the forged address,

Merged this 'new' post into an existing Topic/Discussion which is targetted to the same question ...

PM sent to advise of the Move/Merge ....

Share this post


Link to post
Share on other sites

I just got a spam using a friend's name in the forged address, it was directing to My Canadian Pharmacy, which I've had countless spams linking to, always with a different URL but same page layout. Does this mean someone is looking at my emails and harvesting legitimate names to fool filters? And if so why?

The person whose name has been used is understandably concerned. I traced the sender to mx2.1-toit-o-soleil.com, which is located at amen.fr who have responded they are looking into it. The forged address was 1000deaths.com, a suicide support site which is currently down. Should I be paranoid????

It is more likely that a virus harvested your address and your friend's address from someone who had both addresses in hir address book and was infected.

Spammers mostly listwash if they identify reporters. There are cases where, if you manually lart, a spammer will respond, sometimes rudely, but not very often any more.

Miss Betsy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×