Question from the comments

On yesterday’s post there is a question in the comments that I think needs a bit more discussion.

I guess the real question as a recipient is if you are getting so much spam that you cannot spot the good from the chaff, what did you do to start with to get your address syndicated on so many bad lists?

There are a lot of ways spammers get addresses. Some of them rely on users to submit email addresses to various web forms. Many of them don’t.

  1. Having an email address for a long time. The address I’ve had for 15+ years (and stopped actively using for any mail in mid 2003) gets a lot of spam.
  2. Have an email address in any sort of public place. The two email addresses I have on webpages get lots of spam. One of those addresses is actually the contact address for Word to the Wise sales and receives perhaps 3 or 400 spams a day.
  3. Send email to someone who subsequently gets infected with a virus. Viruses are scraping computers and sending lists of email addresses back to the mother ship.
  4. Send email to any public mailing list.
  5. Sign up with a trustworthy company that subsequently gets hacked and their list stolen. My addresses have leaked from such giant companies as Intuit and Sony.
  6. Just have an email address, even if you never use it or never give it to anyone. There is a lot of very bad spamware out there that will create email addresses. I get lots of spam to laura-infodd@ and laura-infonn@ addresses. These are not tagged addresses I’ve ever used anywhere, but they’re getting spam (hundreds a day).

Not every bit of spam is a result of what the recipient has done. Having the same email address for more than a year or 18 months means that it is out there and the spammers find it, even if the recipient is very careful with where they give the address. For instance, one of my email addresses has never been used to sign up for any commercial email, but received almost 300 spams yesterday.
Spammers will find you, even if you closely protect your email address.

Related Posts

Just Leave Me Alone Already

I tend to avoid online sites that require you to register and provide information including email addresses. In my experiences companies cannot resist sending email and my email load is extremely heavy and I want less email, not more. Sometimes, though, what I need to do requires an online registration and giving an email address to a company I would really prefer not to have it.
Recently, I had to register online with AT&T Wireless. My iPhone was getting repeated text spams and I wanted it to stop. The only way to do this is register online. Registering online required giving them an email address.
The text spam has stopped, but they have been sending me almost daily emails since then. Each email has an opt-out, and I have availed myself of every opportunity to opt-out. Each opt-out link takes me to a different site, a different page, a different process.
In two of the cases, AT&T seems to be violating the new CAN SPAM provisions. For one, I had to tell them what I wanted to opt-out of (email or phone) and then was taken to a page where I had to input my cell number, my email address and request to be removed. In another case,  I was forced to login to my online wireless account and then was able to change preferences. In only one of the 3 opt-outs I have requested, was the opt-out form actually a single click, just requiring my email address.
I am wondering just how many mailing lists AT&T added my address to and how often they will continue sending me mail after their 10 days are up. It is this level of frustration, that mail just keeps coming and coming and coming even after the recipient has repeatedly attempted to opt-out, that causes people to hit the “this is spam” button on mail that the sender thinks is opt-in.
But, really, AT&T, please stop sending me mail that I never asked for, and that I have repeatedly asked you to stop sending me by jumping through your hoops. Oh, and you may consider sharing the opt-out data with all the same internal groups that you shared my email address with initially.

Read More

McColo goes offline

Last week a major player in the botnet arena was taken offline when they were shutdown by their upstream provider.  With the demise of McColo, there has been a 30 – 50% drop in the amount of spam as measured by any number of different techniques. The CBL team has posted an article about their view of the McColo disconnection, which includes links to press articles about the shutdown. Spamhaus has their own take on the shutdown and another collection of links to articles about the shutdown.
In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.

Read More

The unexpected email

In almost every discussion of “how to stop spam” someone will come up with the idea that if a recipient only allowed known people to send them email then the spam problem would be solved. There are lots of problems with this type of solution, but one of the biggest is that it ignores that sometimes the unexpected email is wanted. Typically, these unexpected but wanted emails is from an old friend or contact. But sometimes, the unexpected email can actually look like unsolicited bulk email and yet be wanted.
I actually received one of those emails today. The folks at http://schmap.com found my flickr stream and sent me email asking me for permission to use a couple of my photos in their London city guide. Completely unexpected, but very welcome email.
Sometimes, in the struggle to keep email useful and to keep spam out of the inbox, we forget how useful and wanted that unexpected email can be.

Read More