It also helps me track where my email address leaks. If I shop at Amazon, I use the address lteo(dot)amazon${some_num}@calyptix.com, so if I ever get spam going to that address I know that Amazon is up to no good.
Some time ago, I filled out a paper survey for Gartner, and used a new address, lteo(dot)gartner07(at)calyptix.com.
Lo and behold, a syslog message was generated by the spam filter on our AccessEnforcer a few months later:
notifier: Mail 611157 classified Spam. Action: Quarantined. From 'vahagn-sigouin!centrum.cz', To 'lteo.gartner07!calyptix.com', Subject 'Is Anything Beautiful As A Rose?'.
(Pretend that the '!' symbol is a '@').
This wasn't a guessed username. If my method was along the lines of using "lteo.amazon" and "lteo.google" and "lteo.gartner", this could very well be a reputation attack.
But my use of numbers makes the usernames I generate hard to guess. (Not cryptographically hard, but still.)
Somehow my email address leaked. In theory someone could be sniffing the Internet for email addresses, but keep in mind that this address was only used on a hand-written survey. They did eventually send me email at that address, but all the other purpose-specific addresses I've used and received mail at have never been spammed (other than those I use for public mailing lists, of course).
So how was it leaked? It could've been published accidentally, but Google doesn't turn up any instances of the address.
What seems most likely is they shared this address with some "advertising partner," or one of their machines containing the address has gotten compromised by a spam bot. In which case, they should probably look into purchasing a few AccessEnforcers. :-)
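The check described in this post can be automated. The following is an added example, not the author's code or part of the AccessEnforcer: it parses notifier messages in the format quoted above and reports which purpose-specific address received spam. The registry of issued addresses, the `lteo.shop42` tag, the `example` domains and the "Clean"/"Delivered" wording in the constructed log lines are assumptions.

```python
import re
from collections import defaultdict

# Notifier message format as quoted in the post. The post prints '!' in
# place of '@', so both separators are accepted when parsing addresses.
NOTIFIER = re.compile(
    r"notifier: Mail (?P<id>\d+) classified (?P<verdict>\w+)\. "
    r"Action: (?P<action>\w+)\. From '(?P<sender>[^']*)', "
    r"To '(?P<rcpt>[^']*)', Subject '(?P<subject>.*)'\.$"
)

def split_addr(addr):
    """Return (local_part, domain), lower-cased, for 'a@b' or 'a!b'."""
    local, _, domain = addr.lower().replace("!", "@").rpartition("@")
    return local, domain

def find_leaks(lines, issued, my_domain):
    """Return (leaked, guessed) for spam addressed to my_domain.

    issued maps local part -> party the address was given to (assumed
    registry). Spam to local parts never issued goes under guessed.
    """
    leaked, guessed = defaultdict(list), []
    for line in lines:
        m = NOTIFIER.search(line.strip())
        if not m or m["verdict"] != "Spam":
            continue
        local, domain = split_addr(m["rcpt"])
        if domain != my_domain:
            continue
        hit = (int(m["id"]), m["sender"], m["subject"])
        if local in issued:
            leaked[issued[local]].append(hit)
        else:
            guessed.append((local,) + hit)
    return dict(leaked), guessed

# Line 1 is the message quoted in the post; lines 2-3 are constructed,
# including their verdict/action wording, which is assumed.
SAMPLE_LOG = [
    "notifier: Mail 611157 classified Spam. Action: Quarantined. From 'vahagn-sigouin!centrum.cz', To 'lteo.gartner07!calyptix.com', Subject 'Is Anything Beautiful As A Rose?'.",
    "notifier: Mail 611158 classified Clean. Action: Delivered. From 'orders@shop.example', To 'lteo.shop42@calyptix.com', Subject 'Your receipt'.",
    "notifier: Mail 611159 classified Spam. Action: Quarantined. From 'x@bulk.example', To 'john.doe@calyptix.com', Subject 'It's a deal'.",
]
# Constructed registry; only lteo.gartner07 comes from the post.
ISSUED = {"lteo.gartner07": "Gartner paper survey", "lteo.shop42": "shop.example"}

if __name__ == "__main__":
    print(find_leaks(SAMPLE_LOG, ISSUED, "calyptix.com"))
```

Spam to an address that was issued to exactly one party points at that party, while spam to a never-issued local part such as `john.doe` is consistent with guessing rather than a leak.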





4 comments:
Although your email could leak to an untrusted source, you are forgetting the fact that your email could be obtained even if you don't give it to anyone.
Spammers have a variety of ways to harvest email accounts. It is more economical for them to use automatic methods such as DHA rather than breaking into a web site and stealing its emails - although both methods are being used.
I suggest that you implement a good Anti-Spam solution and use only one email account, rather than keeping track of which account you are using and who might leak it.
Amir
Thanks for your comment.
Right, spammers could've gotten email addresses by DHA, but usually DHA produces the "typical" type of addresses (john, jdoe, john.doe, etc) that tend to be easily guessed. The probability of guessing an address like lteo.gartner07 by DHA is still very very low.
No worries, I'm already using an excellent spam filter. :)
This reminds me of a recent salesforce.com data leak (http://blog.washingtonpost.com/securityfix/2007/11/salesforcecom_acknowledges_dat.html)
I can't find a reference to this, but they ultimately flagged this because someone like you had created a salesforce.com-specific email address.
I found this entry through a Google search for email address leaks.
I tag my addresses similarly, and had another one get out today-- this one from OpenTable. I'm trying to find out if there's a database anywhere of leaked tagged email addresses. I don't suppose you know of one?
My domain is pattib.org and the username is p-a-t-t-i-b if you'd like to contact me.