
I typically use a different email address for every site that demands one. It's an additional factor I use to authenticate that this particular email really came from a particular site. Many of these addresses are used only once, forever, when verifying a signup for the site.

There is one flavor of spam that kicks in from time to time, where I receive many identical spam messages, addressed to many of these unique addresses.

How were these addresses collected by the spammer? Am I to believe that all these sites have independently had their email databases stolen? Or perhaps that they all share an email provider? These providers include both very large and very small sites.

BTW, I've occasionally tried sending friendly "I have evidence that your email database has been stolen" messages, and you can guess how effective that has been.

While this is similar to the cited "duplicate", neither question has been satisfactorily answered.

ddyer
  • Ghostery can tell you what all is being loaded on particular websites - usually analytics and advertisers. You might find one in common. – SDsolar Mar 23 '17 at 19:49
  • Are all of these email addresses at some specific domain (such as a domain you own) or are they at different domains too? If it is a single domain and you run the mail server yourself, can you see if they are also hitting addresses that don't exist? – Moshe Katz Mar 28 '17 at 18:45
  • In this case it's a private domain with a catch-all filter, so no, they're targeted at actual email addresses. I've also seen "alphabet spam" that's targeting names at random, which is easier to account for. – ddyer Mar 29 '17 at 19:35
  • @ddyer can you explain *why* the other answers are not what you are looking for? – schroeder Apr 17 '17 at 07:55
  • The offered explanations are (1) active surveillance of a compromised intermediary; not credible because the email addresses are not active. (2) sophisticated dictionary spam; not credible because only email addresses that were actually used are being targeted. – ddyer Apr 17 '17 at 18:49
  • Why don't you allow for the probability that spammers just send emails by domain mask, i.e. `*@domain.com`, and don't care what sits before the @? – Suncatcher Apr 13 '18 at 06:52

1 Answer


Most likely it is not the site owner that is sharing or leaking your address but a mail relay that is intermediate to you for sending and receiving mail, since the email headers can be read in transit if they pass through a malicious/less trustworthy MTA.

How are you sending and receiving your mails and setting up your emails?

Greg
  • Through a private server. It should also be noted that the email addresses in question are not necessarily recently used, and in many cases were only used once, so some sort of active surveillance is not a likely culprit. – ddyer Apr 17 '17 at 01:25
  • Based on your comments on replying, this will have confirmed the email as being active with the spammers, and they may have also looked at the naming structure and used that with a dictionary to try lots of variations. I would recommend using SpamAssassin with a good rule set. Also take a look at enabling DMARC and work up to a reject policy to reject spoofed mails being sent to you, which will be quite a lot. – Greg Apr 17 '17 at 20:34
  • If they were looking at patterns and guessing likely email addresses, they would guess a lot of things that work. Not the case. However, some kind of capture/archive of used email addresses, downstream from the originator, would make sense. – ddyer Apr 13 '18 at 15:54
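
The check the thread keeps returning to (does a burst of identical spam hit only aliases that were really handed out, or also names that never existed on the catch-all domain?) can be run over delivery logs. This is an added example, not code from any poster; the log format, the `ISSUED` table, the body digests and the `example.org` addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: aliases you actually handed out, and to whom (constructed sample).
ISSUED = {
    "shop-a@example.org": "shop-a",
    "forum-b@example.org": "forum-b",
    "news-c@example.org": "news-c",
    "bank-d@example.org": "bank-d",
}

# Constructed log lines in a made-up format: time, envelope recipient, body digest.
SAMPLE_LOG = """\
2017-03-23T19:40:01 rcpt=shop-a@example.org body=9f1c
2017-03-23T19:40:02 rcpt=forum-b@example.org body=9f1c
2017-03-23T19:40:04 rcpt=news-c@example.org body=9f1c
2017-03-24T02:11:10 rcpt=alice@example.org body=77aa
2017-03-24T02:11:11 rcpt=bob@example.org body=77aa
2017-03-24T02:11:12 rcpt=shop-a@example.org body=77aa
2017-03-24T02:11:13 rcpt=carol@example.org body=77aa
2017-03-25T08:00:00 rcpt=bank-d@example.org body=c0de
"""

LINE = re.compile(r"^\S+ rcpt=(\S+) body=(\S+)$")

def classify_campaigns(log_text, issued=ISSUED, min_rcpts=3):
    """Group deliveries by body digest and label each multi-recipient campaign."""
    rcpts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rcpts[m.group(2)].add(m.group(1).lower())
    report = {}
    for digest, addrs in rcpts.items():
        if len(addrs) < min_rcpts:
            continue  # one-off mail, not the "many identical spam" pattern
        known = {a for a in addrs if a in issued}
        unknown = addrs - known
        if not unknown:
            label = "issued-only"   # only real aliases: consistent with a harvested list
        elif len(unknown) > len(known):
            label = "guessing"      # mostly never-issued names: dictionary/alphabet spam
        else:
            label = "mixed"
        report[digest] = {"label": label,
                          "sites": sorted(issued[a] for a in known),
                          "never_issued": sorted(unknown)}
    return report
```

For an `issued-only` campaign, the `sites` list is the set to compare for a shared mail provider, analytics vendor or relay.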