BLOG

Everything leaks eventually

We have a role address we use to receive support requests from users of our Abacus ticketing system – they’re typically abuse or security desk administrators at ISPs or ESPs, inside corporate firewalls and protected by multiple layers of security and malware protection.
We’ve been using it since around 1997, so we’ve had a good, spam-free run, but in the past few days it’s started receiving botnet originated malware.
If you give an email address to other people, eventually it’ll leak and start receiving spam and malware.

5 comments

  1. Ricard Vohsing says

    We get hundreds of spam messages in our feedback loop inbox per day. The irony makes me chuckle.
    A trick I found a while back is using a Gmail address with a modifier.
    Say i Have an email address of Pirateninja@gmail.com, I sign up for email lists using Pirateninja+disneyland@gmail.com. the “+disneyland” addition does not affect the delivery of the email, but now i know that If I receive an email sent to “PirateNinja+disneyland@gmail.com” that was not sent by Disney, then I know that either Disney is selling my list, or their database was compromised.
    I wish more ESPs provided a similar system.

  2. steve says

    Yup, it’s usually called boxing or address tagging. Many MTAs support it (using +, – or sometimes = as a separator). I’m not sure how long it’s been around, but I’ve used it since the early 90s.
    http://blog.wordtothewise.com/2010/07/tagged-email-addresses/

  3. John L says

    I take your point, but I find it striking it is that some places leak like a sieve and some don’t. The Economist leaks, the Atlantic doesn’t. Ameritrade leaks (to the extent of having found malware on internal servers after blowing off many, many reports of leaks from their customers), Vanguard doesn’t.
    So, yes, everyone leaks in the same sense that in the long run we are all dead, but there are clearly some organizations that understand mailing list security and some that don’t.

  4. steve says

    Some places leak like a sieve (anywhere with Windows desktops or who use an ESP, for instance). Others don’t. I’m fairly impressed we got a decade or more out of this address before it did.

  5. This month in email: October 2013 – Word to the Wise says

    […] customer data but also source code. Adobe source code isn’t the only thing that leaked, our abacus support address found its way onto phishing lists. Experian was caught selling PII to identity thieves.  LinkedIn […]

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.