Question from the comments

On yesterday’s post there is a question in the comments that I think needs a bit more discussion.

I guess the real question as a recipient is if you are getting so much spam that you cannot spot the good from the chaff, what did you do to start with to get your address syndicated on so many bad lists?

There are a lot of ways spammers get addresses. Some of them rely on users to submit email addresses to various web forms. Many of them don’t.

  1. Having an email address for a long time. The address I’ve had for 15+ years (and stopped actively using for any mail in mid 2003) gets a lot of spam.
  2. Have an email address in any sort of public place. The two email addresses I have on webpages get lots of spam. One of those addresses is actually the contact address for Word to the Wise sales and receives perhaps 3 or 400 spams a day.
  3. Send email to someone who subsequently gets infected with a virus. Viruses are scraping computers and sending lists of email addresses back to the mother ship.
  4. Send email to any public mailing list.
  5. Sign up with a trustworthy company that subsequently gets hacked and their list stolen. My addresses have leaked from such giant companies as Intuit and Sony.
  6. Just have an email address, even if you never use it or never give it to anyone. There is a lot of very bad spamware out there that will create email addresses. I get lots of spam to laura-infodd@ and laura-infonn@ addresses. These are not tagged addresses I’ve ever used anywhere, but they’re getting spam (hundreds a day).

Not every bit of spam is a result of what the recipient has done. Having the same email address for more than a year or 18 months means that it is out there and the spammers find it, even if the recipient is very careful with where they give the address. For instance, one of my email addresses has never been used to sign up for any commercial email, but received almost 300 spams yesterday.
Spammers will find you, even if you closely protect your email address.

Related Posts

TWSD: breaking the law

I tell my clients that they should comply with CAN SPAM (physical postal address and unsubscribe option) even if the mail they are sending is technically exempt. The bar for legality is so low, there is no reason not to.
Sure, there is a lot of spam out there that does not comply with CAN SPAM. Everything you see from botnets and proxies is in violation, although many of those mails do actually meet the postal address and unsubscribe requirements.
One of my spams recently caught my eye today with their disclaimer on the bottom: “This email message is CAN SPAM ACT of 2003 Compliant.” The really funny bit is that it does not actually comply with the law. Even better, the address it was sent to is not published anywhere, so the company could also be nailed for a dictionary attack and face enhanced penalties.
It reminds me of the old spams that claimed they complied with S.1618.

Read More

McCain Campaign Spamming

As I mentioned in my post on spam from the Obama campaign, there have been reports of spam coming from the McCain campaign. However, the McCain campaign does not seem to be sending the volume of mail that the Obama campaign is, and so they are not as visible.
A recent post over at Denialism Blog shows that the McCain campaign has some of the same problems as the Obama campaign. Chris talks about the unsubscribe options he is presented when trying to stop the spam he is receiving. He suggests the campaign adds another option:

Read More

The unexpected email

In almost every discussion of “how to stop spam” someone will come up with the idea that if a recipient only allowed known people to send them email then the spam problem would be solved. There are lots of problems with this type of solution, but one of the biggest is that it ignores that sometimes the unexpected email is wanted. Typically, these unexpected but wanted emails is from an old friend or contact. But sometimes, the unexpected email can actually look like unsolicited bulk email and yet be wanted.
I actually received one of those emails today. The folks at http://schmap.com found my flickr stream and sent me email asking me for permission to use a couple of my photos in their London city guide. Completely unexpected, but very welcome email.
Sometimes, in the struggle to keep email useful and to keep spam out of the inbox, we forget how useful and wanted that unexpected email can be.

Read More