MisterBill Posted April 22, 2021 Share Posted April 22, 2021 Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain. I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids. They all have 8888 in the subject line and are a similar format, with a URL pointing to a site in the Philippines. The emails are sent through different servers per Spamcop. It almost seems like some site that manages mailing lists got hacked and addresses got stolen. Is there anyone who actually investigates spammers anymore, or somewhere to discuss this other than here? I can't be the only one seeing this. I looked on Reddit and was unable to find an appropriate place to discuss so I came back here as a fallback, but even these boards don't seem to be very busy anymore. Quote Link to comment Share on other sites More sharing options...
petzl Posted April 22, 2021 Share Posted April 22, 2021 1 hour ago, MisterBill said: Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain. I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids. They all have 8888 in the subject line and are a similar format, with a URL pointing to a site in the Philippines. The emails are sent through different servers per Spamcop. It almost seems like some site that manages mailing lists got hacked and addresses got stolen. Is there anyone who actually investigates spammers anymore, or somewhere to discuss this other than here? I can't be the only one seeing this. I looked on Reddit and was unable to find an appropriate place to discuss so I came back here as a fallback, but even these boards don't seem to be very busy anymore. Would help if you sent a SpamCop Tracking URL (top of page BEFORE you submit) ExampleHere is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6710031076zbd573a3adb8731630811177659b869faz Quote Link to comment Share on other sites More sharing options...
MisterBill Posted April 22, 2021 Author Share Posted April 22, 2021 Thanks. Here's the link. https://www.spamcop.net/sc?id=z6710032672z2e5edeb821389227f9c6126db5290b12z Quote Link to comment Share on other sites More sharing options...
MisterBill Posted April 22, 2021 Author Share Posted April 22, 2021 Here's another https://www.spamcop.net/sc?id=z6710032794z03f4d1b80cc92f5fae783a52e9092ac4z Quote Link to comment Share on other sites More sharing options...
MisterBill Posted April 22, 2021 Author Share Posted April 22, 2021 One more…and AOL/Verizon isn't even detecting most of these as spam. https://www.spamcop.net/sc?id=z6710065633z192f91b1f7193305693b068e59643ee1z Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted April 22, 2021 Share Posted April 22, 2021 15 hours ago, MisterBill said: Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain. If you have the ability to add an email checker, I would suggest you add spamassassin as it would allow you to create a rule to reject spam if it has 8888 in the subject. 15 hours ago, MisterBill said: I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids. I have noticed this too and my first email addresses to starting getting spam were hotmail and yahoo. I believe that some of the "free" address are sold to third party. Now I have my own domain too and I setup separate email address for each one, to use as a throwaway and also so I know which idiot may have shared it with the spammers. Quote Link to comment Share on other sites More sharing options...
petzl Posted April 22, 2021 Share Posted April 22, 2021 17 hours ago, MisterBill said: Thanks. Here's the link. https://www.spamcop.net/sc?id=z6710032672z2e5edeb821389227f9c6126db5290b12z The link is dead so maybe the spammer is to? First link connect but the "Clicca su questo link!" (Click on this link! ) is dead Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted April 24, 2021 Share Posted April 24, 2021 On 4/22/2021 at 4:11 PM, petzl said: The link is dead so maybe the spammer is to? First link connect but the "Clicca su questo link!" (Click on this link! ) is dead When the links are taken down (someone starts taking action against some part of the spam), it makes the reports satisfying. Quote Link to comment Share on other sites More sharing options...
MisterBill Posted April 24, 2021 Author Share Posted April 24, 2021 3 minutes ago, gnarlymarley said: When the links are taken down (someone starts taking action against some part of the spam), it makes the reports satisfying. Yes, and the spam has stopped. But I still do not have the answer to my question of where they got all of my addresses from. Like i said, these were custom addresses only used on a single site, and more than one of them was compromised. Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted April 24, 2021 Share Posted April 24, 2021 2 hours ago, MisterBill said: But I still do not have the answer to my question of where they got all of my addresses from. Like i said, these were custom addresses only used on a single site, and more than one of them was compromised. About 20 years ago, some of the sites would have a selected checkbox that there they would "share your address with third party companies". Though I am not sure if they are still using such a checkbox upon sign up, maybe the practice is still going on? If the places where you did share your addresses are not sharing it, then I would have to believe they were compromised. Quote Link to comment Share on other sites More sharing options...
petzl Posted April 25, 2021 Share Posted April 25, 2021 3 hours ago, MisterBill said: Yes, and the spam has stopped. But I still do not have the answer to my question of where they got all of my addresses from. Like i said, these were custom addresses only used on a single site, and more than one of them was compromised. Usually 'Transport Layer Security (TLS)" not being used by email receiver. You can check a email server IP here.https://mxtoolbox.com/diagnostic.aspx Quote Link to comment Share on other sites More sharing options...
ninth Posted April 21 Share Posted April 21 On 4/23/2021 at 3:58 AM, gnarlymarley said: If you have the ability to add an email checker, I would suggest you add spamassassin as it would allow you to create a rule to reject spam if it has 8888 in the subject. I would like yahoo or any mail service to allow wildcards to block serial spammers using never ending combinations on the end of fields. It takes so long to block each sender and it doesn't take long to reach the limit of 1000. In one case the spammer was allocated batches of 100 domains sent one per day in random order so I blocked what was left of the 1-99 and 2 days later I got one last message with 00. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.