Jump to content

Where are spammers getting email addresses on my private domain from?


MisterBill
 Share

Recommended Posts

I have my own domain, and I use different email addresses at different sites (like starbucks[at]mydomain.us) so I can tell where my address came from if/when their mailing list gets stolen (I use wildcard forwarding so I don't need to define each address). It turns out that this happens a lot more often than you'd think and I've been getting emails at addresses used at only a single site for a while now. They seem to come in batches, typically it's some of the nasty stuff with attachments and thanks to Spamcop I've determined that it comes from different sites, so I'm guessing it's being sent by zombie machines.

Interestingly, I rarely get this spam at addresses that I've never used, so this says to me that something is getting these addresses and I'd like to know how. I've always figured that it was various sites that got hacked. My email addresses from sites like Consumerist, Couponmom and Opentable that routinely get spam. Some of those that have been compromised for a while I've set up dummy forwarding for (to a non-existent address) so I don't get those anymore. I got a really huge batch of this spam today (it's been bad for the past week), and included in it was one sent to a "citi" address, which I've used for Citibank and nothing else (and this is the first time I've seen spam sent to it). So this means that either their database has been hacked, or else the spammers are getting my addresses from some other source. My mail is forwarded thru Namecheap's forwarding service to my Verizon mailbox. It seems like they'd be getting it from one of those sources, or from my machine, and I think that the latter is pretty unlikely.

Fortunately all of this stuff ends up in my Verizon spam folder, but I would love to figure out how this is happening. Any ideas?

Link to comment
Share on other sites

Sometimes companies you give your email address to are after a quick buck and sell their mailing lists to other companies. Trouble is, it is unlikely that the people have given their consent to be on a "new" mailing list......

Link to comment
Share on other sites

Sometimes companies you give your email address to are after a quick buck and sell their mailing lists to other companies. Trouble is, it is unlikely that the people have given their consent to be on a "new" mailing list......

Yes it only takes one of your contacts to be compromised and all of their email addresses would be scraped!

Also your emails are sent and received through many servers which log them and a security risk

Go through your headers and see how many servers look at your email.

http://www.yougetsignal.com/tools/visual-tracert/

I recommend you look at a VPN I use "Private Internet Access" or "PIA" they encrypt to and from your computer at least

Better still look at PGP

Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...