Everything leaks eventually

This site uses Akismet to reduce spam. Learn how your comment data is processed.

• We get hundreds of spam messages in our feedback loop inbox per day. The irony makes me chuckle.
  A trick I found a while back is using a Gmail address with a modifier.
  Say i Have an email address of Pirateninja@gmail.com, I sign up for email lists using Pirateninja+disneyland@gmail.com. the “+disneyland” addition does not affect the delivery of the email, but now i know that If I receive an email sent to “PirateNinja+disneyland@gmail.com” that was not sent by Disney, then I know that either Disney is selling my list, or their database was compromised.
  I wish more ESPs provided a similar system.

• Yup, it’s usually called boxing or address tagging. Many MTAs support it (using +, – or sometimes = as a separator). I’m not sure how long it’s been around, but I’ve used it since the early 90s.
  http://blog.wordtothewise.com/2010/07/tagged-email-addresses/

• I take your point, but I find it striking it is that some places leak like a sieve and some don’t. The Economist leaks, the Atlantic doesn’t. Ameritrade leaks (to the extent of having found malware on internal servers after blowing off many, many reports of leaks from their customers), Vanguard doesn’t.
  So, yes, everyone leaks in the same sense that in the long run we are all dead, but there are clearly some organizations that understand mailing list security and some that don’t.

• Some places leak like a sieve (anywhere with Windows desktops or who use an ESP, for instance). Others don’t. I’m fairly impressed we got a decade or more out of this address before it did.

• […] customer data but also source code. Adobe source code isn’t the only thing that leaked, our abacus support address found its way onto phishing lists. Experian was caught selling PII to identity thieves.  LinkedIn […]