Jump to content

Getting lots of spam to email addresses on my private domain - how did they get them?

MisterBill

By MisterBill
in SpamCop Lounge

 Share

Recommended Posts

MisterBill Member

MisterBill

Posted
Posted

Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain.

I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids. They all have 8888 in the subject line and are a similar format, with a URL pointing to a site in the Philippines. The emails are sent through different servers per Spamcop. It almost seems like some site that manages mailing lists got hacked and addresses got stolen.

Is there anyone who actually investigates spammers anymore, or somewhere to discuss this other than here? I can't be the only one seeing this.  I looked on Reddit and was unable to find an appropriate place to discuss so I came back here as a fallback, but even these boards don't seem to be very busy anymore.

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted
1 hour ago, MisterBill said:

Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain.

I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids. They all have 8888 in the subject line and are a similar format, with a URL pointing to a site in the Philippines. The emails are sent through different servers per Spamcop. It almost seems like some site that manages mailing lists got hacked and addresses got stolen.

Is there anyone who actually investigates spammers anymore, or somewhere to discuss this other than here? I can't be the only one seeing this.  I looked on Reddit and was unable to find an appropriate place to discuss so I came back here as a fallback, but even these boards don't seem to be very busy anymore.

Would help if you sent a SpamCop Tracking URL (top of page BEFORE you submit)

Example
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6710031076zbd573a3adb8731630811177659b869faz

Link to comment
Share on other sites
gnarlymarley Advanced Member

gnarlymarley

Posted
Posted
15 hours ago, MisterBill said:

Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain.

If you have the ability to add an email checker, I would suggest you add spamassassin as it would allow you to create a rule to reject spam if it has 8888 in the subject.

15 hours ago, MisterBill said:

I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids.

I have noticed this too and my first email addresses to starting getting spam were hotmail and yahoo.  I believe that some of the "free" address are sold to third party.  Now I have my own domain too and I setup separate email address for each one, to use as a throwaway and also so I know which idiot may have shared it with the spammers.

Link to comment
Share on other sites
gnarlymarley Advanced Member

gnarlymarley

Posted
Posted
On 4/22/2021 at 4:11 PM, petzl said:

The link is dead so maybe the spammer is to?
 First link connect but the "Clicca su questo link!" (Click on this link! ) is dead

When the links are taken down (someone starts taking action against some part of the spam), it makes the reports satisfying.

Link to comment
Share on other sites
MisterBill Member

MisterBill

Posted
  • Author
Posted
3 minutes ago, gnarlymarley said:

When the links are taken down (someone starts taking action against some part of the spam), it makes the reports satisfying.

 

Yes, and the spam has stopped. But I still do not have the answer to my question of where they got all of my addresses from. Like i said, these were custom addresses only used on a single site, and more than one of them was compromised.

Link to comment
Share on other sites
gnarlymarley Advanced Member

gnarlymarley

Posted
Posted
2 hours ago, MisterBill said:

But I still do not have the answer to my question of where they got all of my addresses from. Like i said, these were custom addresses only used on a single site, and more than one of them was compromised.

About 20 years ago, some of the sites would have a selected checkbox that there they would "share your address with third party companies".  Though I am not sure if they are still using such a checkbox upon sign up, maybe the practice is still going on?  If the places where you did share your addresses are not sharing it, then I would have to believe they were compromised.

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted
3 hours ago, MisterBill said:

 

Yes, and the spam has stopped. But I still do not have the answer to my question of where they got all of my addresses from. Like i said, these were custom addresses only used on a single site, and more than one of them was compromised.

Usually 'Transport Layer Security (TLS)" not being used by email receiver. 
You can check a email server IP here.
https://mxtoolbox.com/diagnostic.aspx

Link to comment
Share on other sites
  • 1 year later...
ninth Advanced Member

ninth

Posted
Posted
On 4/23/2021 at 3:58 AM, gnarlymarley said:

If you have the ability to add an email checker, I would suggest you add spamassassin as it would allow you to create a rule to reject spam if it has 8888 in the subject.

I would like yahoo or any mail service to allow wildcards to block serial spammers using never ending combinations on the end of fields. It takes so long to block each sender and it doesn't take long to reach the limit of 1000. In one case the spammer was allocated batches of 100 domains sent one per day in random order so I blocked what was left of the 1-99 and 2 days later I got one last message with 00. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...