I have my own domain (let's call it MyDomain.com), and my email account is set up such that all mails sent to @MyDomain.com will end up in the same mailbox.
So, think of a word, put it in front of @MyDomain.com, send me an email, and I will get it.
When I sign up for SomeService.com, the email address I will give them is ‘someservice@MyDomain.com’.
This means that if I get a spam email sent 'To' someservice@MyDomain.com, I can identify 'someservice' as having compromised my email address... Or so I thought.
When catching a company (a pharmacy from whom I'd bought earplugs), as far as I was concerned, red-handed, I sought them out, and got the following response:
I am one of the webmasters of the [SomeService] commerce portal. We take user data security very seriously as our business depends on this.
We have been PCI certified by 2 independent agencies who routinely scan our systems for security flaws.
Emails can leak out at multiple levels including the user's computer or in transit due to network sniffers that are increasingly being employed by professional spammers.
We not only keep our systems behind a firewall but also encrypt user data to ensure privacy even from our own staff.
I reiterate this is not something we condone and we will do an internal investigation to ensure our systems are clean. Kind Regards [administrator]
What do you folks make of this? Some questions I'm asking are
- What is PCI certification and can I take this seriously/is it credible?
- Are the 'email-leaking' and 'network sniffer' claims credible?
And any thoughts in general. Let's just say I'm learning.
Thanks, James
I have done this for years and have never yet received a single spam which might indicate that a company had sold my address to a third party (pretty disappointing, in a way ;-) – Mawg says reinstate Monica – 2015-07-31T08:02:02.840
How do you mean you can identify 'someservice' as having compromised your email address? Do you keep a record of every 'someservice@' email address you have used? – Connor W – 2010-09-20T18:34:48.343
Yes, I do. I'm currently up to about 20. And even if I didn't, receiving an email like this would jog my memory. :-) – James Wiseman – 2010-09-20T18:43:17.487
@Connor Surely the record is in the 'someservice' part. One would sign up to "stackoverflow" with an address of "stackoverflow@mydomain.com" and use that email address for nothing else. The question is, if one gets spam addressed to "stackoverflow@mydomain.com" where has the spammer got the address from if not from "stackoverflow"? – Neal – 2010-09-20T18:47:32.673
Some spammers look for registered domains and then try to make up addresses from dictionaries so there is another way to get spam. Still, if that was the case, it would have been envious in a setup such as the one OP described. – AndrejaKo – 2010-09-20T18:55:04.920
I do this too and it works great. I have only had one instance of a third party actively giving an address to spammers. It was apparently a result of sending in rebate forms for a popular electronics store. That address is now blocked. – Chris Nava – 2010-09-20T19:03:18.023
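An added example, not part of the original question or comments: a small triage script for the per-service alias scheme described above, which separates mail sent to an alias that was actually handed out from mail sent to addresses that were never issued (the dictionary guessing mentioned in the comments). The `ISSUED` registry, the verdict names, the header list and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCH_ALL_DOMAIN = "mydomain.com"  # placeholder domain from the question
# Constructed registry: alias handed out -> sender domains expected to use it.
ISSUED = {"someservice": {"someservice.com"},
          "stackoverflow": {"stackoverflow.com"}}

def recipient_aliases(msg):
    """Return local parts addressed at the catch-all domain, in header order."""
    fields = []
    for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
        fields.extend(msg.get_all(header, []))
    aliases = []
    for _name, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        alias = local.lower()
        if alias and domain.lower() == CATCH_ALL_DOMAIN and alias not in aliases:
            aliases.append(alias)
    return aliases

def classify(raw_message):
    """Map each alias in the message to a verdict string."""
    msg = message_from_string(raw_message)
    # From is forgeable, so "expected-sender" is only a hint, not proof.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts = {}
    for alias in recipient_aliases(msg):
        expected = ISSUED.get(alias)
        if expected is None:
            verdicts[alias] = "never-issued"   # guessed, e.g. dictionary run
        elif any(sender_domain == d or sender_domain.endswith("." + d)
                 for d in expected):
            verdicts[alias] = "expected-sender"
        else:
            verdicts[alias] = "third-party"    # alias known outside the service
    return verdicts

# Constructed sample messages (not real mail).
SAMPLE_LEAK = ("From: Deals <promo@pills.example>\n"
               "To: someservice@MyDomain.com\nSubject: offer\n\nbody\n")
SAMPLE_GUESS = ("From: x@bulk.example\n"
                "To: sales@mydomain.com, info@mydomain.com\nSubject: hi\n\nbody\n")
SAMPLE_OK = ("From: orders@mail.someservice.com\n"
             "To: someservice@mydomain.com\nSubject: receipt\n\nbody\n")

if __name__ == "__main__":
    for sample in (SAMPLE_LEAK, SAMPLE_GUESS, SAMPLE_OK):
        print(classify(sample))
```

A "third-party" verdict shows that an issued alias is known outside the service it was given to; it does not by itself show how the address got there.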