Surprising Spam

Have you ever wondered how a SPAM sender got your email address?

For the past 15 years, I’ve used a different email address every time I filled out a webform. This way, whenever I get a SPAM I can look at the address the SPAM was sent to and know how the sender found out about me.

It is interesting to see where the leaks come up. Here is a short list of some of the people who (willingly or unwillingly) ratted me out to spammers….

2BRIGHTSPARKS.COM
AUDIOGO.COM (added 5/6/2015)
BARCODE-US.COM
BMWMOA.ORG
BUYERZONE.COM
CENTREOFTHECELL.ORG
CHECKS.COM
DIRECTV.COM
DROPBOX.COM
DYNACNC.COM
E-COUNTERS.COM (1/9/2014)
ENDLESSPOOLS.COM
FLUKE.COM
FOSCAM.US (added 4/28/2015)
FRIENDSTER.COM (added 6/23/2014)
HOEMDEPOT.COM
INTELIUS.COM
INFOQ.COM (3/1/2016)
IRR.COM
LAPLINK.COM
LEXUSOFENGLEWOOD.COM (added 4/25/2014)
LIVEMODERN.COM
LOGANTURNPIKEMILL.COM (added 2/29/2014)
LOGMEIN.COM
LIFELOCK.COM
MANDARINHOTEL.COM
MAXIMHQ.COM
MORFIK.COM
MYSPACE.COM (3/19/2016)
NYTIMES.COM
NYWATERWAY.COM
RAYANDTERRY.COM (7/30/2015)
REVERSEGENIE.COM
ROKU.COM
SECONDSTAGETHEATER.COM
SEETHROUGHMIRRORS.COM (11/4/2014)
SHAPEWAYS.COM
SHAPESHOT.COM (12/27/2015)
SIDEFX.COM
SIMPLE.COM (3/8/2016)
SMARTBRIDGES.COM
SMITHMICRO.COM (added 4/9/2014)
SOFTWIRED-INC.COM
SOLARWINDS.COM
SPEAKEASY.NET
SPORTYS.COM
SUPERMAGNETMAN.NET (added 2/2/2015)
TICKETMASTER.COM
TRANSCEND.COM
WALLHOGS.COM
WSJ.COM (added 2/8/2014)
ZENBE.COM
ZEVIA.COM

If you’ve ever given your email address to any of these websites, then it is likely that you can thank them for some of the spams you now get every day. I am talking about hardcore SPAM like offers for Viagra, porn, or African money transfers and not just unwanted emails that might be semi-related to the website that you originally gave your address to.

Some of these sites might intentionally sell or give their email lists to SPAMers, but I suspect that many had their lists hacked or got a virus on a machine that has access to their list. Either way, it makes it hard to trust the company that let it happen.

I typically kill a compromised address as soon as it starts getting spam, but sometimes I want to keep getting the real emails from the original website so I’ll go in and update my account with a brand new, unique email address. Sadly, I often soon start getting spams on the new email address, indicating that the leak was not a one-time event.

BTW, I also use a unique hash for the return address on every email I send out. This lets me know instantly whenever anyone I know gets a virus, uploads their contacts to a website that then sends out splash emails, or falls for a Facebook/GMAIL phishing scam. It happens way too often.
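
One way to build per-site addresses and per-correspondent return addresses like those described above, as an added example rather than the author's own code: each alias carries a keyed HMAC tag, so incoming mail can be attributed to whoever the alias was issued to, and an address that was merely guessed fails verification. The key, the `example.org` domain and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value; a real key stays private
DOMAIN = "example.org"            # placeholder for a domain you control


def _tag(label: str) -> str:
    """8-character base32 tag: the first 40 bits of HMAC-SHA256(key, label)."""
    mac = hmac.new(SECRET, label.lower().encode(), hashlib.sha256).digest()
    return base64.b32encode(mac[:5]).decode().lower()


def alias_for(label: str) -> str:
    """Address to hand to one site or correspondent, e.g. label='simple.com'."""
    return f"{label.lower()}_{_tag(label)}@{DOMAIN}"


def attribute(rcpt: str):
    """Return the label an address was issued to, or None if it is not ours."""
    local, _, domain = rcpt.lower().partition("@")
    if domain != DOMAIN or "_" not in local:
        return None
    label, _, tag = local.rpartition("_")
    # Constant-time comparison; a guessed tag has a 1 in 2**40 chance to match.
    if hmac.compare_digest(tag.encode(), _tag(label).encode()):
        return label
    return None


def triage(recipients):
    """Count spam per leaking label and list addresses that fail verification."""
    leaks, unverified = {}, []
    for rcpt in recipients:
        label = attribute(rcpt)
        if label is None:
            unverified.append(rcpt)
        else:
            leaks[label] = leaks.get(label, 0) + 1
    return leaks, unverified


# Constructed sample: recipient addresses taken from incoming spam.
SAMPLE_RCPTS = [
    alias_for("simple.com"),
    alias_for("simple.com").upper(),    # mail systems may change case
    "simple.com_aaaaaaaa@example.org",  # guessed tag, fails the HMAC check
    "info@example.org",                 # never issued as an alias
]

if __name__ == "__main__":
    print(triage(SAMPLE_RCPTS))
```
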

6 comments

    • bigjosh2

      Yep. I think LifeLock leaked email addresses during the class action suit in 2010. The settlement was on 4/30/2010 and the first spam was on 6/30/2010.

      They probably gave a list of all their customers to a law firm and someone there had a virus or sold the list.

  1. Josh

    >>BTW, I also use a unique hash for the return address on every email I send out.

    How do you do this thing?

    • bigjosh2

      Right now it is a combination of some code running on my local machine and some scripts on the email server, but it would easily be made into a general purpose product where you would just set your outbound SMTP server to point to my service and I do all the work for you. I should have made this decades ago. I can’t believe GMAIL has not done it yet!

  2. mia

    Holy shit…Dude, I thought I was the only one. I use Spamgourmet and I got spam 1-3 years ago with the very unique “simple” email address I created. The email contained a malicious JavaScript (.js) file attached. I called Simple telling them they were hacked and that the same thing has happened in the past with other companies (Dropbox). They forwarded my email to their security dept who analyzed and confirmed it was malware but said the spammers might have “guessed” the email (sigh). They said they had no other reports. Your report sheds some serious spotlight back on their email database being hacked.

    The reason it’s just come up now is I got an obvious Dropbox phishing attempt and malicious PHP redirect from my simple address. I googled simple.com hacked and found your post.

    • bigjosh2

      I’ve gotten the same response from companies when I’ve tried to tell them that they’ve had a breach – and my addresses are extremely unlikely to have been “guessed”. If I was CEO of a company, I’d set up a bunch of gmail addresses and secretly use them to sign up for stuff with my own company. If I ever got a spam or unexpected email on one of those addresses, I’d send it to my security people and tell them someone reported a breach on that address. If they said, “Oh that’s just a crackpot reporting that, we have no breach” then I’d fire those security people.
