Question from the comments

On yesterday’s post there is a question in the comments that I think needs a bit more discussion.

I guess the real question as a recipient is if you are getting so much spam that you cannot spot the good from the chaff, what did you do to start with to get your address syndicated on so many bad lists?

There are a lot of ways spammers get addresses. Some of them rely on users to submit email addresses to various web forms. Many of them don’t.

  1. Having an email address for a long time. The address I’ve had for 15+ years (and stopped actively using for any mail in mid 2003) gets a lot of spam.
  2. Have an email address in any sort of public place. The two email addresses I have on webpages get lots of spam. One of those addresses is actually the contact address for Word to the Wise sales and receives perhaps 3 or 400 spams a day.
  3. Send email to someone who subsequently gets infected with a virus. Viruses are scraping computers and sending lists of email addresses back to the mother ship.
  4. Send email to any public mailing list.
  5. Sign up with a trustworthy company that subsequently gets hacked and their list stolen. My addresses have leaked from such giant companies as Intuit and Sony.
  6. Just have an email address, even if you never use it or never give it to anyone. There is a lot of very bad spamware out there that will create email addresses. I get lots of spam to laura-infodd@ and laura-infonn@ addresses. These are not tagged addresses I’ve ever used anywhere, but they’re getting spam (hundreds a day).

Not every bit of spam is a result of what the recipient has done. Having the same email address for more than a year or 18 months means that it is out there and the spammers find it, even if the recipient is very careful with where they give the address. For instance, one of my email addresses has never been used to sign up for any commercial email, but received almost 300 spams yesterday.
Spammers will find you, even if you closely protect your email address.

The unexpected email
Double opt-in, it's not what you think it is

Related Posts

McColo goes offline

Last week a major player in the botnet arena was taken offline when they were shutdown by their upstream provider.  With the demise of McColo, there has been a 30 – 50% drop in the amount of spam as measured by any number of different techniques. The CBL team has posted an article about their view of the McColo disconnection, which includes links to press articles about the shutdown. Spamhaus has their own take on the shutdown and another collection of links to articles about the shutdown.
In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.

Read More

Monitoring customers at ESPs

In the past I’ve talked about vetting clients, and what best effort encompasses when ESPS try to keep bad actors out of their systems. But what does an ESP do to monitor clients ongoing? Al Iverson from ExactTarget says that they:

Read More

Political Spam

At Adventures in Email Marketing, there is a post up this morning about political spam. It seems Anna discovered that providing her email address on her voter registration card not only results in political groups sending her email to that address, but also that political email does not have to follow the rules of CAN SPAM. The article ends with a few questions and makes some suggestions.

Read More