Jump to content

How did they get my emails?


l008com

Recommended Posts

OK this question is the most basic. How did the spammers get all 15 of my email addresses? I've been very careful about not posting any of them on the web. I've always very careful to check the "don't spam me' box when I'm signing up for things. Where are they getting my addresses from? What are some ways I might not be realizing? From time to time I do google myself and find an email address or two listed on some random web site for some random reason, and I always contact them and have them remove it.

What do you think?

Link to comment
Share on other sites

OK this question is the most basic. How did the spammers get all 15 of my email addresses? I've been very careful about not posting any of them on the web. I've always very careful to check the "don't spam me' box when I'm signing up for things. Where are they getting my addresses from? What are some ways I might not be realizing? From time to time I do google myself and find an email address or two listed on some random web site for some random reason, and I always contact them and have them remove it.

What do you think?

Are all of those addresses in your address book? (Virus on your machine)

Are all of those addresses in anybody's address book? (Virus on someone elses machine)

Are all of those addresses with only one domain? (dictionary attack)

These are just the first few possibilities that come to mind.

Link to comment
Share on other sites

Are all of those addresses in anybody's address book? (Virus on someone elses machine)
Actually, it's not necessary to be in the other person's Address Book...it used to be that way many years ago, but now, all that's necessary is for them to have received a message containing your address anywhere in the headers, even in a large group of CCs, and that they didn't delete the message, or didn't empty their trash.

DT

Link to comment
Share on other sites

And even worse, in the last few years, some of the virii/trojans/whatever have even taken to simply sitting back and watching 'everything' flowing by, snagging anything with an [at] sign in it .. coming in, going out, doesn't matter .... as far as 'scanning' files, being limited to just the address book was removed eons ago .. some of these bad things scan all kinds of files, again, looking for "anything" with an [at] sign in it ...

Link to comment
Share on other sites

I've always very careful to check the "don't spam me' box when I'm signing up for things.

Which does not mean much. Respectable companies will of course honour your request, while other, less reputable companies won't care about it or sell your addres to spammers.

Another often overlooked possibility: Respectable company goes bankrupt, contact database is sold with other assets, buyer is... you get the picture...

That's why single-use, throw-away accounts are so useful ;-)

Good luck,

A. Friend

Link to comment
Share on other sites

SpamCop e-mail service also has them, I believe.
No, I don't think so. SC email customers can create and infinite amount of *custom* addresses by adding a "+" and a value to the username portion of their address, but mail sent to those addresses all comes to the single associated mailbox, and IIUC, can't be blocked based on the address used.

So, for a purchase, if I created:

username+onlinecutlery (at) spamcop.net

that would route mail to:

username (at) spamcop.net

but I don't think I'd ever be able to "throw it away" and block all mail sent to that custom address. Sure, I could create *filters* in either my SC webmail interface or my local mail client to detect that string in the address headers (unless the address is BCC'ed and not explicitly in the headers), but then the messages would still be getting through, but they could be automatically manipulated/filed/etc. once received.

Please correct me, anyone who knows better.

DT

Link to comment
Share on other sites

I recommend Sneakemail ( http://www.sneakemail.com ). I've been using it for a couple years, and my spam volume would be at least double or triple if not for that. Limited accounts (bandwidth limit only i think) are free. You create unique forwarding addresses (i.e., they redirect to your real address), and have a 'desktop' for managing them. So, each time you sign up with a company you're unsure of (or every company, if you want), pop over to sneakemail, create a new address (pretty quick process), and use that new one. You now will know if spam ever comes from that company, or as a result of their actions, because all email to you through that forwarding address will be identifiable to them. I've had 3/4 addresses scraped/sold/etc, in the years I've been using them. Posts about one of these Here.

Edit: link fixed.

Link to comment
Share on other sites

I recommend Sneakemail ( http://www.sneakemail.com ). I've been using it for a couple years, and my spam volume would be at least double or triple if not for that. Limited accounts (bandwidth limit only i think) are free. You create unique forwarding addresses (i.e., they redirect to your real address), and have a 'desktop' for managing them. So, each time you sign up with a company you're unsure of (or every company, if you want), pop over to sneakemail, create a new address (pretty quick process), and use that new one. You now will know if spam ever comes from that company, or as a result of their actions, because all email to you through that forwarding address will be identifiable to them. I've had 3/4 addresses scraped/sold/etc, in the years I've been using them. Posts about one of these Here.

Edit: link fixed.

The only problem I have is remembering my desktop login when away from home. I only have a couple of sneakemail addresses in circulation. Using only a spamcop address for the most part has done quite well.

Plus, I like reporting, so I need the spam ;)

Link to comment
Share on other sites

I just got a spam using a friend's name in the forged address, it was directing to My Canadian Pharmacy, which I've had countless spams linking to, always with a different URL but same page layout. Does this mean someone is looking at my emails and harvesting legitimate names to fool filters? And if so why?

The person whose name has been used is understandably concerned. I traced the sender to mx2.1-toit-o-soleil.com, which is located at amen.fr who have responded they are looking into it. The forged address was 1000deaths.com, a suicide support site which is currently down. Should I be paranoid????

Link to comment
Share on other sites

I just got a spam using a friend's name in the forged address, it was directing to My Canadian Pharmacy, which I've had countless spams linking to, always with a different URL but same page layout. Does this mean someone is looking at my emails and harvesting legitimate names to fool filters? And if so why?

The person whose name has been used is understandably concerned. I traced the sender to mx2.1-toit-o-soleil.com, which is located at amen.fr who have responded they are looking into it. The forged address was 1000deaths.com, a suicide support site which is currently down. Should I be paranoid????

It is more likely that a virus harvested your address and your friend's address from someone who had both addresses in hir address book and was infected.

Spammers mostly listwash if they identify reporters. There are cases where, if you manually lart, a spammer will respond, sometimes rudely, but not very often any more.

Miss Betsy

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...