Are you not getting bombarded by scammers, via email and phone, trying to steal the contents of your Compte Personnel de Formation, Mr Dabbs?!?
WE BRING ENGLISH TO YOUR FEET! reads the email. That's nice. I knew I was lacking something in the footwear department. A fine pair of bobby dazzlers, no doubt. No, that can't be right. Let me run it through another translation app. Ah, how about this? WE BRING ENGLISH TO YOU! This makes more sense: it must be trying to …
I have now refined my technique to getting through to someone I can verbally abuse. I recently had a UK "energy advisor" who protested for several minutes that my telling him to "kindly piss off" was "not a nice thing to say". How he would have reacted to my "Amazon/OpenReach" graphic equivalent could have been interesting.
Please do not tempt fate. You may find yourself on the wrong side.
Please do tempt fate. You may find yourself on the wrong side.
See, doesn't matter what you do. You die, no matter what. You die of suffocation or you die of starvation. Choose your poison carefully. Filters, antidote and air available upon request. Only $9.95.
I get a couple dozen a week, 99% go where they are supposed to go. I have a bigger problem, people giving my email addy as theirs, either by mistake by them, or the bank or insurance company who had to transcribe from a paper form. Roy, if you're reading, I'm getting all your credit card billing reminders, you should pay your bill! And Donna, I doubt you're reading, but I'm not interested in the community production of "Annie Get your Gun". And Delores, I definitely don't want to join the Home Owners Association...
"people giving my email addy as theirs, either by mistake by them, or the bank or insurance company who had to transcribe from a paper form"
I get daily emails from Costco and Birkenstock for the same reason. Maybe it wasn't a mistake, but an asterisk next to the email field and the end user's way of diverting the marketing spam....
> I get a couple dozen a week
I get one or two a month, usually phishing emails. But then again I use private mail servers with an
obsessive very strict admin. He has created a honeypot account some 25+ years ago, and made sure that specific address would end up in most of the "marketing lists" sold around from spammer to spammer. As a result, any (non-ISP) domain sending email to that specific fake address is automatically blocked henceforth. He also simply blocked the most active spammer TLDs (you know, all those silly new TLDs only spammers use). As a result undetected spam is kept to a minimum, and the server-side spam detection is so good I was able to create a rule like "if Header contains '***SPAM***' then delete, no questions asked". Never lost a valid email, and checking my mail is a pleasant experience...
Spam detection has come a long way since the nineties. The tools are there, but it takes some work and obviously requires having some control over your server.
Just my 2 cent's worth.
This post has been deleted by its author
As I use my own domain, I always give a different email address depending on who I am dealing with, so that I can I identify anybody abusing my email more easily. Usually companyname@mydomain. Sometimes causes brain explosions on the staff I am dealing with.
Most companies haven't abused my email. One notable exception has.
I bought flights with Thompson Fly many (many) years ago. Used tfly@mydomain to book the flights and ticked all the "Do not send me shit or sell my details please" tickboxes.
I have since received emails from many different companies to this address offering all manner of (usually non flight related) products and services. It went quiet for a while then kicked off again recently with "Meet Asian women" and "Find a Russian bride" emails so it looks like their mailing list was sold far and wide.
"Why did you keep the address alive once the spam started?"
I just have a catchall from the DNS provider that forwards all mail to the domain to my current mailbox. Don't bother running my own mail server. I have a rule that sends mail to this address to junk, but occasionally have a look to see what is still being sent to it.
If I log into my webmail after a few hours and there is nothing there, I do start to worry that emails aren't getting through, a couple of spam emails is actually reassuring!
My biggest problem is big companies sending me emails I want, that get through the filters but look to me very like spam or fishing. I've lost count of the number of companies that send emails from 'Sales' or 'Customer Support' with either no 'Subject' or one that looks highly suspicious.
My biggest problem is marketing departments of big organisations sending me emails that I don't want. Worse, they're the sorts of emails that train their customers to click on links.
The latest really bad one was from the RHS of all people - click on this link to vote for resolutions at the AGM. Undoubtedly this, if clicked, is going to require the member to
log in provide their log in credentials to a fake site. Of course it also has plenty of other links to train members to click on malware delivery sites.
OK, the RHS is one thing but the most prolific offenders are banks and building societies who have most to lose by training their customers to fall for scams.
I have said before on this site:
A previous employer of mine used to send this sort of email out, training its customers (of which I was also one) to click on dodgy links. The thing was, if I followed the company's internal security awareness training then, had the email been sent to my work address, I should have sent it to our IT security team (a few times I actually forward it from home to work and did this to make a point). I put a fair bit of work in trying to identify who in the company was responsible for the emails but eventually left before I found out.
Was an exchange admin once.
Which took me through a jaunt to find a solution to spam.
Greylisting works, but only if the ne'er-do-wells used a nonstandard SMTP server. Most of the time they just hijack somebody else's server to peddle their tat.
RBL etc as offered by Spamhaus is only effective up to a point, until they get a bulletproof host in order to peddle their tat.
I also had a look at Bayesian filtering, and it do work, but it get stuffed up should the ne'er-do-wells include reams of text from Project Gutenberg in their peddling emails.
Farmed Exchange out to somebody else and made it their problem.
Never again will I look at being an Exchange admin - it is a good system, but it is getting increasingly stressful, and I don't have time for that sort of stress in my life.
Currently our email is on Office365, and things do look good. There's the odd spammy mail coming through, but so far, soooooo much betterer.
Ah, yes, being an Exchange admin. Never again!!
At my previous employer there was an incident where the CEO called and left a voicemail for my boss (the VP of IT) that was an angry shouting rant filled with expletives about email and SPAM. It was due to the fact that a very important email ended up in his SPAM folder, and he missed it. His request was simple, he wanted to never get a single piece of SPAM in his inbox, and to never have an important email go to his SPAM folder. No big deal, right?
My boss, emailed the CEO his resignation, CC'd me on the email, and forwarded me the voicemail to show me why he was so upset. Our CFO was a very nice, calm, and rational guy, so I called him to come to my office. I played him the voicemail, and showed him the resignation letter from my boss. I told him that if my boss was in fact leaving, so was I. I had enough of this BS too.
The CFO called the CEO and talked some sense into him. The CEO called both of us to apologize, and no one left the company.
What we did though, was to migrate the company email up to Office365 right away. We gave the CEO a support phone number for Microsoft, and told him, that we had no control of the anti-spam software (not completely true, as other El Reg readers will know), and he would have to call Microsoft.
When you combine this kind of BS with trying to stay off of blacklists, being an Exchange admin really stinks.
my current favourite spam filter is the one thunderbird uses. it has decided that all my google calendar emails are spam.
and yahoo comes a close 2nd, as it won't allow me to configure the spam filter and i have to go see what is caught in it every day.
Total number of spam emails received over past year - about 3
Total number of spam emails received according to yahoo - 3000 or so. Including ONE of the ones above.
Total number of spam emails received according to thunderbird - 1000 or so. Including ONE of the real spams.
Thunderbird is indeed pretty good.
That said, I programmed my own spam filter. Granted, all incoming messages hit my Inbox, but then I clicked on Filter and 99% of the time what was left was genuine messages that were for me.
What were my filters ? Check this out :
1) From domain does not match ReplyTo domain - that's pretty simple to check and a golden rule AFAIC
2) From country is not a country I know people from - Russia, looking at you
3) From does not match somebody who I have already accepted mail from - if I don't know you, why should I waste my time ?
4) Subject contains wierd character combinations - nobody puts [(D:!!] in a subject
5) Body contains links to domains other than the From domain - if you pretend to be from Microsoft, your link better point to a Microsoft-held domain
6) Body contains attachments with names that end in .exe - nope, nobody sends legitimate executables by email without prior warning
Ok, there have been a few occasions where a new "colleague" got his mail sent to the spam box, but I can recover that.
More often than not, these rules have been more than sufficient to not waste my time reading a mail with a subject like "Re: <something I've never sent>" and an attachment I wouldn't touch with a bargepole. Or the ever-amusing "Your PayPal account has been locked" when my PayPal account has been unaccessible ever since they implemented 2FA without bothering to cater to the people who hadn't signed up in the 8-day window it was available. Or, another fun one, the urgent mail supposedly from my bank when I don't have an account there.
Thunderbird does a good job, but really, I had something that was almost as efficient and didn't cost me a week of development.
Of course, that was when I still got my mail via Lotus Notes.
Now I have to use Thunderbird. The occasional spam gets through, but I can recognize it almost instantly.
Of course, not using Outlook helps a lot in preventing unwanted hijacking.
"Now I have to use Thunderbird. The occasional spam gets through, but I can recognize it almost instantly."
I have to agree, after, maybe 15 years of Gmail and their absolutely shit web interface, and also after someone (yourself maybe) advising me to go thunderbird, I feel way more relaxed having just done that !
It works well and is auto-learning SPAM rapidly, to the point, on the rare occasion I go to the TB spam folders, I say "holly cr*p", so much already handled by TB after 6 months !!
I use Thunderbird and its generally pretty good. I've been on googlemail since 1999 and only rarely use the web interface - generally only when its decided it wont let Thunderbird access it and I have to re-connect. One 'trick' I use to avoid spam is I still use @googlemail.com and not @gmail.com. almost all spam seems to use gmail for some reason which makes it really easy to filter.
Could you say exactly how you create those filters? I've only recently started up with thunderbird, so am not clear how to implement such features.
So far the biggest problem I have is that as I use a Hotmail account and have previously tried to implement rules on its useless system, I end up with perfectly good emails being dumped, not in junk mail, but in the deleted folder. So I need to regularly check it as well. Bloody annoying.
If I can do the filtering in thunderbird, I can delete all the rules in Hotmail, and do a damn sight better job than Microsoft...
"From country is not a country I know people from - Russia, looking at you"
.. For me that would not work (Russia, yes) - I now get lots of email from mainland Europe, because a lot of companies* I dealt with have moved from UK to the EU zone (Netherlands seems popular) as they do a lot of trade with the EU.
.. a lot of them have gone from creating a small "distribution hub outpost" in EU zone (and avoid so much of the import / export grief you now have in UK) through to the vast majority of the company now being EU zone based, and the UK physical presence being the minor outpost.
* Granted these are (relatively) small, fairly niche, nimble companies who previously got a big chunk of income from EU anyway, not necessarily representative of UK companies as a whole
The filter I'd like to see would be one at MSP level bouncing messages with reason We do not accept emails with noreply in the From: or Reply to: address. That, of course, assumes that businesses check their bounced messages.
It would also need a black list for other addresses that prove to be no-reads when emailed.
Well, a lot of automated confirmation emails are sent as "NoReply" (when you complete a transaction or some such). Of course they could send those automated emails with a reply address of "sales", but then they would fall foul of the "reply-to address is not sender" rule...
IMHO it's easier to filter by domain. If I have dealings with SomeShop.com, all mail coming from the "SomeShop.com" domain is most likely legit. If I've never heard of them, it's spam, not matter what is in front of the "@".
The only difficult cases are ISPs and email providers (like Gmail). Those are hard to block, because it's usually specific, compromised addresses. But they apparently have stepped up lately and don't harbor that many spammers anymore. Or the server filters got better.
"Well, a lot of automated confirmation emails are sent as "NoReply" (when you complete a transaction or some such)."
A good rule of thumb is that if you are in business and send out an email to a customer expecting the recipient to read it you should be prepared to read any reply. It's no more than courtesy to your customer, even in the situation you describe.
If you spam your customers you should certainly expect complaints and deal with them if only to apologise. Of course the snowflakes in marketing don't want tohave their bubble burst by being reminded of how unpopular their tactics are. Even less do they want the risk of of someone higher up the food chain deciding to review customer feedback and finding just how much they're damaging their employer's reputation.
"A good rule of thumb is that if you are in business and send out an email to a customer expecting the recipient to read it you should be prepared to read any reply. It's no more than courtesy to your customer, even in the situation you describe."
True, but for those misguided companies that send out "noreply" emails, it's not necessarily appropriate to tar them with the same brush as scammers and other spam.
Korean Spam sounds yummy, I'm imagining barbecued spam and some nice spicy noodles.
Junk mail filters are incredibly dumb these days IME. Anyone who likes the outdoors will know that hiking/walking/camping gear isn't cheap, and especially if you add the word "lightweight" in front of it. Signing up for company newsletters usually gets you a first order discount. Usually the "click here to confirm subscription" email gets through, then the actual newsletter doesn't. Emails from confused.com get through, but emails from the car insurance company I've just signed up to get blocked
Any non-Korean that claims to like Kimchi should be immediately expelled from the conversation...128,526 varieties that all taste like acidic sh**
Yes, I have tried the real thing in Seoul and Inchon. Several times actually as initially I could not believe people would sell stuff like that as food but clearly they can and do
Yes, I have tried the real thing in Seoul and Inchon. Several times actually as initially I could not believe people would sell stuff like that as food but clearly they can and do
That they sell it is one, that others actually buy (and supposedly eat) it is much harder for me to believe.
A teacher of English, usually dealing with Japanese housewives, got a new class with four Korean housewives, the ladies Kim, Kim, Kim and Park. He told them he would, for reasons of clear communication, call them Kim One, Kim Two and Kim Chee. Four Korean housewives left in a huff.
> Usually the "click here to confirm subscription" email gets through, then the actual newsletter doesn't. Emails from confused.com get through, but emails from the car insurance company I've just signed up to get blocked
And why don't you just whitelist* those addresses you know you want not to get blocked even if they are talking about cheap loans to buy Viagra?...
Put up a list of people and domains you know aren't spammers (friends, family, work, websites you have dealings with) and Bob's your uncle.
* Allowlist, or whatever the politically correct term for it is nowadays
... I keep receiving emails which are intended for other people. It seems all the people in the US sharing with me the same last name and the first letter of the first name think it's appropriate to give my gmail address instead of theirs. Now I've got access to plenty of websites which don't think it's necessary to check a mail address before giving full access based on it.
I too am getting lots of emails from people with the same, or nearly same name as me.
Sad thing is, they seem to lead much more interesting and exciting lives than I do.
Tempting as it is to reply and mess up my namesake's social life, I just delete the emails. Gave up on trying to inform the senders that they'd got the wrong address.
When I created my gmail account, the firstname.lastname account was already taken so I added my middle name initials. As it was different from my accounts on other mail providers I kept forgetting to put those initials when login onto gmail. Poor firstname.lastname kept getting is account locked until I managed to get the hang of it.... sorry firstname.lastname....
But I bet firstname.lastname also got some mail meant for me, that I didn't receive... Does one offset the other? :)
At one time I got my broadband from a small ISP that eventually got swallowed by someone larger who then stopped the mail server so me@oldISPdomain.com stopped working. There are several accounts on various systems around the world that I cant change the email to because it sends a confirmation mail to the old address before allowing the new one, and of course they never read any mail sent to their admin account!
I get this with Gmail. I've had a firstname.surname@ address since the days of invitations to join. A vintage Gmail address.
Some stupid b in the USA used to give it out as hers. God knows why (though we share a name and she uses the male spelling of "Terry" not "Terri")
So I used to get lots of emails about dress fitting, Lady's tennis lessons, dinner menus and so forth.
At first I used to politely but firmly inform the sender that I was several thousand miles away, on a different continent and male. But as time wore on I got more and more fed up with this and my replies got less and less polite. Eventually I became incredibly rude, or told the sender to cancel my membership and so forth, without bothering to say their email was obviously meant for someone else. The embarrassment seems to have stopped her. I seldom get any now.
I am getting a lot of Spam from version of that address. Gmail isn't case sensitive and ignores the dot. It comes from Firstnamesurname@gmail.com No dot or second capital. All the spam comes from just that one version. So they've scraped it from somewhere. And the idiots who pay them for that kind of message get as much for their money as they deserve.
Yup. Virtually the only spam I get these days is addressed to firstname.lastname@example.org rather than email@example.com, so it's easy just to filter it to a SPAM label, then permanently delete everything under that label once a month or so. It's by definition - my definition, because it's my email address - 100% true positives (sorry, my email address simply has a period there, full stop), but unfortunately Gmail (last time I checked) doesn't seem to allow you to automatically bin it permanently.
11 years on from moving into this house, I still regularly recieve mortgage statements and legal documents related to other properties the previous owners still own. You try to contact the sender, but you can't get anything changed, as you are not the person they are sending to.
I've even tried contacting the Information Commissioners Office on multiple occassions but get no response to email and web-form.
The organisation AGE UK kept sending me mail for a neighbour by mangling the house number. For a while I passed the mail on to the neighbour.
After her death I wrote "RTS - deceased" on the envelopes. They still kept coming - in spite of using every avenue of communication to AGE UK. Eventually I complained to the organisation that purports to regulate such things - and then they finally stopped.
After my mother died we rented out this house for a while before moving in. One of the tenants was training to be a CofE priest. We kept getting alumnus type bumf from his college for a long time and kept sending it back as not known at this address. I assume Crockford's directory is still on the go so they really should have no excuse for not finding his current address.
Eventually I rung them up saying there would be a £10 handling charge in future and I would go to the small claims court if it wasn't paid. It stopped.
What I'd like to know now is how QUB alumnus office have got our current address to send out stuff to both me and SWMBO.
"What I'd like to know now is how QUB alumnus office have got our current address to send out stuff to both me and SWMBO."
Back in about 2004 or so, a friend suggested that the University of $mystate should award Osama bin Laden an honorary degree. Horrified, we asked why. His answer: "because the alumni association can track down anyone, anywhere".
I didn't have a good time at my first stint at University (of Durham), and I failed one exam in the second year. Back then, Durham had (I feel) an exceptionally harsh policy on failed exams in second year - no resits, no repeating the year, immediate expulsion, and forbidden from re-attending Durham on any undergraduate or postgraduate course*
The Alumni still track me down twice a year and ask for contributions.
* Plus, they were kind of dicks about it, I was clinically depressed and failing to deal with it, the college Principal said "You're not really depressed, we had a girl here slit her wrists last term, that's depression".
I get financial statements for the guy I bought this house from, 6 years ago. I've left notes on the envelope when returned as "no longer lives here" asking them to call him since I don't have a forwarding address.
I changed phones when I moved here and I still get calls and texts from people looking for her. In 2020, on Christmas Eve, I got a call from her parents wishing her a merry Christmas. They were surprised when I asked them how long had it been since they had talked to their daughter since I had gotten the number in 2016.
Now when i get a call asking for her, I start with "What has she done now? Don't tell me, nope, don't want to know. When did she give you this number?" Turns out she is still using this number to apply for loans and credit cards.
Some while ago I started to get mail with Royal Mail redelivery stickers on it. Credit card and bank statements, mobile phone bills, etc.
I searched the name on the web - which was quite distinctive - sent her an email, immediate response back. Turned out she had moved from Brum and now lived directly opposite me. Social media has its uses... sometimes...
My chosen anti-spam filter now catches close to 100% of all spam, and it learns any it misses if I flag them for next time (likewise, if I flag any false positives it mistakenly intercepts).
The vast majority look like this.
Greetings to you.
This is to inform you that the International Monetary Fund [IMF] and the United Nations [UN] is compensating all the
scammed victims $330.000.00 United States Dollars.
Your name and email address was mentioned to the United States Secret Service by one of the Scammers who was arrested.
Meanwhile this Compensation department has been mandated by the IMF and the United Nations to deliver your compensation
funds to you through your current residents home address which is 100 % Guarantee for delivery to you as one of the scammed
Get back to us with your fully details such as.
Your phone number......
Your ID card....
These information are needed before the delivery takes place. Thanks for cooperate with us.
Whatsapp number 15407530466
MRs Gloria young.
I'll never understand either how they think they'll get away with it, or why they sometimes get responses.
There's very little genuine email comes via my ancient Hotmail address but a decade or more ago it was used on Usenet so it gets a good deal of this sort of crap but Hotmail is pretty good at dumping it. I see it's there when I occasionally look to check if any genuine mail has been dumped there. For a while I felt these spammers, shaing such interests would be interested in meeting each other so I'd reply to spammer 1 with a message along the lines of "This sounds interesting but I haven't time to deal with this now. Please contact my colleague spammer2.".
I'm thinking of reviving this. Some genealogical newsgroups keep getting spam from pimping services. Next time I get a Hotmail spam which looks as if it has a booby trapped spreadsheet or whatever I may give them the address of one of the pimps and hope the latter get taken down.
Oddly enough the address I've used on Usenet for the last many years never gets spam. Nobody must be skimming Usenet addresses these days.
"no one uses a real email address any more"
I do and it's occasionally used to take discussions off-group. It helps, of course, that using my own domain it's a dedicated address I can kill and replace immediately if it's abused. But, as I've said, experience shows it's not a concern although this might be a sort of reverse network effect; as long as most people don't use real ones real ones don't get skimmed.
After I got my own domain I (of course) started using unique addresses for everything, including Usenet.
This has caused a peddler of second-hand cars to start emailing me at $prefix.use@$surname.tld offering to take my car (I have none) off my hands for a fair (hah) price.
This must have been culled from news.admin-net-abuse.usenet, but how they got from the address used there to just .use is rather opaque.
There have of course been thousands of spam sent to $firstname.lastname@example.org but those failed the first pattern test already, and that type has now all but died out.
"I'll never understand either how they think they'll get away with it, or why they sometimes get responses"
Try living with someone who has early dementia :(
Father in law is slowly losing his capacity to work out fake/real etc.
He falls straight into those phishing traps. He's a kind fellow so he wants to help (and is time rich), so he spends ages replying to some total f****r about how he hopes they're doing well and here are his details, please do get in touch and he'll try and help..
I've got a delay rule set on his outbox so anything he sends is held. Then at the end of his emailing session, I quickly check the held mails and bin the 3 or 4 that were giving his life away.
Millions of people with early dementia, those phishing b******s only need 10-20 successful hits from their spam and they'll get a decent lil payday.
It's truly disgusting practice.
Suggest to phone scammers that they are immoral in trying to defraud vulnrable people - and they get very indignant that you are trying to deprive them of their living.
I used to say "Does your mother"know what you do?". Then a BBC radio programme found that many parents were delighted their sons had found this way to get lots of money.
"Suggest to phone scammers that they are immoral in trying to defraud vulnrable people"
Just ask them to hang on a moment while you deal with someone at the door. Put the phone to one side & hang it up 10 minutes later. That keeps them out of mischief for a few minutes. It also seems to get you on a phone spammers' black list.
Disposable Email Addresses are working well for me and have done for well over a decade. I run my own mail server so can operate a default allow (only needing my attention on the rare occasion when an address 'goes bad') and most importantly can filter by RCPT TO rather than the highly untrustable 'TO:' field.
What's occasionally interesting is to check my server logs. Email addresses that I ceased to use years ago are still getting spam sent to them even though they've been rejecting incoming email all that time. Apparently spammers are ignorant or don't care. Probably the latter since they can charge marketing gits for those addresses even though they are useless. Two shitty groups of people kicking each other - works for me.
Mind you on the subject of shitty people one also to wonder at those trying to break into my server:
21/3/2022 15:57:43.013 - Client:18.104.22.168 State:RcptTo Action:Reject Rule:Reject general crap Size:0 MAILFROM:b054a60fc9eb086@???? Recipients:(b054a60fc9eb086@?????)
There might be someone called 'b054a60fc9eb086' living somewhere but they haven't asked me to create an account for them yet. And how amusing that they are apparently emailing themselves.. The joys of SMTP.
Hmmm. This is an interesting one. I remember that there was one company I got so fed up with that I changed my email address to something different...
21/3/2022 19:47:52.656 - Client:22.214.171.124 State:RcptTo Action:Reject Rule:Reject general crap Size:0 MAILFROM:spamming.assholes@???? Recipients:(spamming.assholes@?????)
"Two shitty groups of people kicking each other - works for me."
One thing that annoys me is the emails from different Indians, sometimes even on the same day, with identical texts offering web or mobile development services, SEO or whatever. It looks as if some spammer is conning people, who probably can't afford it and certainly don't know better, that there's money to be made in leads generation and is selling them a service: email address, text and probably the actual spamming as a package. And probably a list of real development companies who are probably fed up with the victims contacting them to try to sell leads.
I've now varied my usual "Prospective Supplier Questionnaire" for them. This starts by asking very reasonable questions which should make them realise how unconvincing they look - things like their register company name, domain and company web site. Assuming they're suckered in to try to answer it goes on to leave them in no doubt they've been sold a crock. The latest version points out explicitly that the only money in leads generation is selling people like them leads generation spamming services and the money's made from them. Where I get multiple messages together it goes to all addresses, non-blind to give them a chance of getting together to deal with the scum if that's possible.
I can better that: New ISP, they gave me automatically an email address I didn't need or want, but I checked it nevertheless in case they were sending me any additional setup info/requests.
That was mere hours after I had signed up, nobody except the ISP and myself knew about it, and yet it already contained several hundred spam emails (with more arriving all the time)!
Needless to say I never ever checked it again. I still wonder how they managed to pull this off, advertising a brand new account to all active spammers out there in only 1-2 hours' time. Wow.
It may have been less than "mere hours".
Quite possible the address was already getting intermittent spam before you signed up, then once the email address went live and the mailserver stopped saying "recipient not found" - joy of joys for a spambot, a fresh inbox detected!
Of course it's also possible there's other ways spammers can find out - like if they offer a bit of free hosting space, and people can check the directory of ftp://homepages.$isp.net/
Or something more mundane like the ISP added the email address to the email service their marketing people use for promotional material - and they selected one of the cheaper providers...
> Quite possible the address was already getting intermittent spam before you signed up
While it is definitely possible, I think it's unlikely since I don't have a overly common name and if spammers were constantly shotgunning the server with all possible first/family names combinations it would had most likely toppled over.
I believe that indeed the ISP's greedy marketing department sold (consciously or not) the new addresses to some well-organized and very reactive spammer conglomerate. This was IIRC around the year 2000, many people hadn't yet assimilated that spam is really bad and spammers are the lowest scum of humanity (on the level of pedophiles).
I left my employer a little over 5 years ago, then due to company acquisition found myself working for the same one, with the same email address.
No, I didn't find 5-year old emails in the new inbox, but I did start receiving commercial email from a restaurant chain I had used over 5 years previously. They must have been receiving bounces for over 5 years!
The bounces going to /dev/null and the spam being sent without human intervention or control, there is nothing surprising in that.
We actually only see the top of the flagpole on the tip of the spam iceberg... If spam suddenly ceased to exist, I'm pretty sure worldwide electricity consumption would drop by a noticeable percentage.
A long time ago, in a different...
I "bagged" an "amusing" email address as part of a trial for a new service.
The trial published all the addresses in White Pages (see Yellow Pages and Post Office).
So my address was published for all to see before someone realised that this might have minor disadvantages.
It has always received SPAM but this seems to be reducing over time.
It has been a while, but I used to get some ISP based (or email software provider) developer have a brainwave and decide that the "amusing" address would be just wonderful and (presumably) cool and amusing test email address.
Cue flood of test emails.
When they were emailed to explain that this was a real email address in current use it all went quiet.
I never received an apology though.
Developers obviously so overwhelmed by their own wit that they never considered checking that a clearly valid email address was already in use.
I still use the address and the level of SPAM is remarkably low, all things considered.
I assume there is a whole world of email being shredded by various servers before they get anywhere near me.
On another topic I still occasionally see mentions of Scunthorpe and Penistone (amongst others) being blocked by email content filters
Er, you can't, unless you actually send it a message and the recipient replies. I know that there are people out there who claim to be able to validate active email addresses in return for money, but they are lying scumbags.
Depends what you mean by validate. From what I see in my logs, this usually means (a) seeing if a RCPT command passes (luckily they seem to be ok with 4xx replies, since I greylist), and (b) checking that a RCPT with random local-part is rejected. That is some form of validation.
A friend complained that my replies to her emails were randomly going into Junk Mail on Yahoo. I sent her a link about white list configuring on Yahoo email. She says the app method hasn't worked.
That triggered me to do something about my invoices from regular suppliers which always go to my Microsoft 365 Junk mail folder. Nowhere could I find anything on the 365 dashboard domain/email admin to do anything about overriding their Junk Mail decisions. I suspect from their "How to" elsewhere that I have to buy an additional subscription to their "Defender" on my domain's email account
When I check my spam folder it is always at least 50% in French. No idea why. It's been that way for nearly a decade. It is the only language other than English I've ever been taught, though as that was over 4 decades ago,I barely know it well enough to read any more, though now thanks to the spam I know the names of a lot of French supermarkets and banks.
Google has reportedly asked the US Federal Election Commission for its blessing to exempt political campaign solicitations from spam filtering.
The elections watchdog declined to confirm receiving the supposed Google filing, obtained by Axios, though a spokesperson said the FEC can be expected to publish an advisory opinion upon review if Google made such a submission.
Google did not immediately respond to a request for comment. If the web giant's alleged plan gets approved, political campaign emails that aren't deemed malicious or illegal will arrive in Gmail users' inboxes with a notice asking recipients to approve continued delivery.
Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.
This email campaign was detected in May and is ongoing, according to researchers at Zscaler's ThreatLabz, and is similar to phishing messages sent a couple of years ago.
This latest wave is aimed at US entities in a broad array of sectors, including software security, security solution providers, the military, healthcare and pharmaceuticals, and the manufacturing and shipping supply chain, the researchers wrote this month.
The cross platform email client Thunderbird is to launch an Android version, which will be based on the existing K-9 app.
It has acquired the FOSS Android email client and one-time Register app of the week K-9 Mail, which will become Thunderbird for Android.
The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.
According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit of a stranger photos while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos on the chat to the victim's family members, friends, or employer.
Browser maker Vivaldi's email client has finally hit version 1.0, seven years after it was first announced.
Vivaldi Mail, which includes a calendar and feed reader as well as an email client, first arrived in technical preview in 2020. A slightly wobbly beta arrived last year alongside version 4 of the Chromium-based browser. After another year of polish and tidying of loose ends, the company has declared the client ready.
As before, the client is built into the browser, meaning it is unlikely to appeal to many beyond Vivaldi's existing user base. Enabling it is a simple matter of dropping into Settings pages and wading through until the option to enable Mail, Calendar, and Feeds can be selected. Vivaldi has a lot of settings – delightfully customizable for some and downright baffling for others.
Obituary The IT community has suffered a double loss with the passing of two industry icons.
A post in the Facebook group for former Inmos staff says that the company's founder, Professor Iann Marchant Barron, died at the age of 85 last month.
Microsoft has updated its roadmap for Exchange Server and revealed that the next version will arrive in 2025 – four years later than planned.
A post opens with a reminder of Microsoft's previous promise to deliver a new subscription-only version of Exchange in late 2021, then details the many security improvements made to the messaging server during the same year – including plenty in response to the four zero-day vulns that attackers used to plunder data from US-based defense contractors, law firms, and infectious disease researchers.
Microsoft's post doesn't admit that those efforts were the reason it didn't deliver the planned late 2021 update, instead stating the product's developers "continue to focus on security" but are "now also ready to share our long-term roadmap for Exchange Server."
Two security researchers have identified five related techniques for hijacking internet accounts by preparing them to be commandeered in advance.
And they claim that when they analyzed 75 popular internet services, almost half were vulnerable to at least one of these techniques.
Avinash Sudhodanan, an independent security researcher, and Andrew Paverd, a senior researcher at Microsoft, describe their findings in a paper titled, "Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web."
Google has quietly dropped its demand that users of its free G Suite legacy edition cough up to continue enjoying custom email domains and cloudy productivity tools.
This story starts in 2006 with the launch of “Google Apps for Your Domain”, a bundle of services that included email, a calendar, Google Talk, and a website building tool. Beta users were offered the service at no cost, complete with the ability to use a custom domain if users let Google handle their MX record.
The service evolved over the years and added more services, and in 2020 Google rebranded its online productivity offering as “Workspace”. Beta users got most of the updated offerings at no cost.
Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.
In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.
What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).
Biting the hand that feeds IT © 1998–2022