Tagged Email Addresses

Sept 17, 2019: Shutting down comments on this post because we cannot help you recover any email account and I am concerned about the number of people who are providing PII (including phone numbers, credit card numbers!!! and email addresses) in the comments. 

A tagged email address is any email address that provides some additional information to the recipient when they receive email sent to that address – typically something about who they originally gave that email address to or what the email address was intended to be used for.
As a very simple example, someone may have a “real” email address provided by their ISP and a gmail address. If they only ever sign up for bulk email using their gmail account then they know that any bulk email they receive at their ISP email address is not mail they signed up for, and hence that it’s spam.
A more flexible way of having multiple email addresses is what’s known as “boxing” or “tagging” – being able to make up new variants of your email address on the fly. How that’s done varies depending on the mail system you use, but typically you’ll be able to add a string to the end of your email address, separated by a “+” or a “-“. For example, if my main email address is steve@blighty.com I can create a tagged address like steve-blogspam@blighty.com. They’ll both be delivered to my inbox by default, or I can use the tag to route the mail to another mailbox (either using the filtering rules in my mail client, or something like procmail or sieve running on the mailserver).
Because I’ve never sent mail from the email address steve-blogspam@blighty.com, nor given it to anyone, nor even mentioned it anywhere other than this blog post I know that any email I get to it was sent by a spammer who harvested it from this page or the blog rss feed. On the other end of the spectrum I have tagged email addresses that I’ve created specifically to give to one of our vendors, and so I know that if I see email sent to that tagged address it’s almost certainly mail from that vendor, and I should have it skip my spam filters and send it directly to my inbox or a mailbox specifically for mail from vendors.
I’ve talked previously about some of the implications of address tagging for ESPs, both for signup and list hygiene, and Laura has talked about tagged, disposable and temporary addresses from a recipient perspective. Today I’m going to touch on another aspect of them – they mean that if you harvest addresses, or purchase addresses, sooner or later you’re going to get caught.
Last month I got a mail from a senior account executive (aka “salesweasel”) at Cisco/WebEx:

Hello Steve,
I am the Cisco WebEx Solutions Specialist responsible for supporting your region.
Are you available this week or next for a brief discussion of your current business objectives?
I would like to share some creative ideas about how you can reduce expenses and increase productivity throughout your organization.
Please reply with the best time to reach you.
Best regards,

I don’t recall ever having any relationship with WebEx, and we swapped out all our Cisco networking gear quite some years ago. It could be that I gave them a business card at a trade show or somesuch, as I was vaguely looking at web conferencing providers a couple of years back – but it’s a bit odd that it doesn’t have my full name, nor does the salesweasel seem to know who my employer is. Sure enough, the mail wasn’t sent to either my personal or work addresses – it was sent to a tagged address. If that tagged address had been steve-webex or steve-cisco that would have told me that I probably had given it to them at some point in the distant past.
It wasn’t, though. Instead it was a tagged address that had only ever been used for one thing – it was used to register a domain that’s used primarily to host the CBL blacklist’s website. So WebEx or, more likely, the salesweasel is harvesting email addresses from whois in order to send spam to them, or is buying lists of addresses from someone who did. Given that they’d have to violate their agreement with the .org domain registry to do that, it’s clearly unethical business behaviour (and possibly even punishable by a fine or imprisonment of no more than one year).
I just caught a potential vendor playing fast and loose with privacy. At the very least, that makes it unlikely I’d use them unless I got a really good explanation as to how this happened, and how they’d prevent it happening in the future.
It’s bad marketing, and the more technically literate your target demographic is the more likely they are to catch this sort of behaviour, and the more they’ll hold it against you. If your company doesn’t have a policy against this sort of address acquisition, it’s a good time to think about one (“Don’t do that.”). And if you do have one, check that your salesweasels are aware of it, and that it applies to email addresses bought from jigsaw or appendleads or zoominfo or emailappenders just as much as it does to that CD of fifty million email addresses they bought from a guy in a bar.
Edit 1/6/2015: We do not run tagged.com or have any connection with Tagged. We cannot help you. We cannot disconnect your account. We cannot fix your address problems.

Related Posts

Appendleads is not unusual

I called out David Williams from appendleads.com yesterday for his spam. Sure he’s a spammer, his database is full of garbage information and his email violates CAN SPAM but he’s not that unusual in the realm of list sellers. He is very typical of the people I see offering lists for sale.
List sellers are the internet version of used car salesmen. Everyone knows they are slimy sales guys who will do anything to close the sale. They don’t have a real web presence, just visit appendleads.com and see what I mean.
And yet, people still buy lists from them! I have no doubt that my spammer friend has a nice little business selling email addresses. He sends out spam, he gets a few responses, makes a tidy profit and then sends out another spam, hooks a few more people and makes more money.
OK, so not all list sellers are like appendleads. Some of them go so far to build a website. But at the core they’re the same. They are selling data that isn’t clean, it’s not opt-in, it’s not been verified.
This is why so many of us harp on not buying lists. The sales guys talk a great game, but they aren’t selling what purchasers think they’re getting. They also don’t care. They have no incentive to clean up their data. They have no incentive to accurately represent what they’re selling. All of the risk is on the person that sends the email. Once they have their money, the buyer is on their own.
Can you ever successfully purchase a list? I’m sure some senders have. But that experience is closer to winning more than a thousand dollars in the lottery than an actual good business decision.

Read More

Did anyone actually look at this email before sending?

I received spam advertising AARP recently. Yes, AARP. Oh, of course they didn’t send me spam, they hired someone who probably hired someone who contracted with an affiliate marketer to send mail.
The affiliates, while capable of bypassing spam filters, are incapable of actually sending readable mail.

Read More

Tagged.com's newest trick

I signed up a disposable address at tagged.com last summer, to see how their signup process went and how aggressive they were at marketing.
They mailed me maybe a dozen times over the course of a month and then the mail stopped.
Until today.
Today I got two messages from tagged.com, one from Sophia C (33) and one from Melinda E (27). The messages are identical except for the names and some of the advertising on the bottom.
I find it a bit coincidental that after all the recent news about Tagged that I start getting mail from them again. Mail that is not from anyone I know. Mail attempting to entice me into logging back into the tagged site.

Read More