Have you ever wondered how a SPAM sender got your email address?
For the past 15 years, I’ve used a different email address every time I filled out a webform . This way, whenever I get a SPAM I can look at the address the SPAM was sent to and know how the sender found out about me.
It is interesting to see where the leaks come up. Here is a short list of some of the people who (willingly or unwillingly) ratted me out to spammers….
2BRIGHTSPARKS.COM abundancethebook.com (added 4/11/2018) AUDIOGO.COM (added 5/6/2015) BARCODE-US.COM Bitly.com (11/28/2018) BMWMOA.ORG boldbook.com (added 4/11/2018) BUYERZONE.COM CENTREOFTHECELL.ORG CHECKS.COM DIRECTV.COM DROPBOX.COM DYNACNC.COM E-COUNTERS.COM (1/9/2014) ENDLESSPOOLS.COM FLUKE.COM FOSCAM.US (added 4/28/2015) FRIENDSTER.COM (added 6/23/2014) HELLODIRECT.COM (added 3/4/2019) HOMEDEPOT.COM INTELIUS.COM INFOQ.COM (3/1/2016) IRR.COM LAPLINK.COM LEXUSOFENGLEWOOD.COM (added 4/25/2014) LIVEMODERN.COM LOGANTURNPIKEMILL.COM (added 2/29/2014) LOGMEIN.COM LIFELOCK.COM MANDARINHOTEL.COM MAXIMHQ.COM MORFIK.COM MYSPACE.COM (3/19/2016) NYTIMES.COM NYWATERWAY.COM RAYANDTERRY.COM (7/30/2015) REVERSEGENIE.COM ROKU.COM SECONDSTAGETHEATER.COM SEETHROUGHMIRRORS.COM (11/4/2014) SHAPEWAYS.COM SHAPESHOT.COM (12/27/2015) SIDEFX.COM SIMPLE.COM (3/8/2016) SMARTBRIDGES.COM SMITHMICRO.COM (added 4/9/2014) SOFTWIRED-INC.COM SOLARWINDS.COM SPEAKEASY.NET SPORTYS.COM SUPERMAGNETMAN.NET (added 2/2/2015) TICKETMASTER.COM TRANSCEND.COM WALLHOGS.COM WSJ.COM (added 2/8/2014) ZENBE.COM ZEVIA.COM
If you’ve ever given your email address to any of these websites, then it is likely that you can thank them for some of the spams you now get every day. I am talking about hardcore SPAM like offers for Viagra, porn, or African money transfers and not just unwanted emails that might be semi-related to the website that you originally gave your address to.
Some of these sites might intentionally sell or give their email lists to SPAMers, but I suspect that many had their lists hacked or got a virus on a machine that has access to their list. Either way, it makes it hard to trust the company that let it happen.
I typically kill a compromised address as soon as it starts getting spam, but sometimes I want to keep getting the real emails from the original website so I’ll go in and update my account with a brand new, unique email address. Sadly, I often soon start getting spams on the new email address, indicating that the leak was not a one-time event.
BTW, I also use a unique hash for the return address on every email I send out. This lets me know instantly whenever anyone I know gets a virus, uploads their contacts to a website that then sends out splash emails, or falls for a Facebook/GMAIL phishing scam. It happens way too often.