How do spammers get our info?


#1

Ok, so I’m wondering… We’ve had our domain for over 10 years now. Some of the e-mail addresses have stayed the same. Others, like mine, are only a few years old.

How do spammers get a hold of our e-mail addresses when we KNOW that some of them have NEVER been entered into a web form, and that there’s no client hijack that could have been used to obtain the address?

For instance, we have an e-mail address like page@domain.com which is used for sending text messages to cell phones. It’s never used anywhere except for our internal server. So, how are spammers getting this address to send junk to?

Also, it seems a lot of the spam coming in has keywords that we might actually use in our e-mails…

So, basically what I’d like to know is a) how are spammers getting these keywords and addresses, and b) how can I get addresses off of these lists? There are no removal links in most of them.


#2

It could be a dictionary attack - though I thought those were only being done on the biggest domains because the yield of good addresses was pretty low for niche domains.



#3

Well some of the addresses have been under heavy spam for years. Is there a way to get rid of most of it without changing addresses?

I suggested to management that we restructure our e-mail addresses (to something like First.Last@Domain.com) so they’re less obvious (like First@Domain.com), but they still want to keep the same addresses they’ve had for years…


#4

Dictionary attacks, grabbing them from the mailboxes of others with worms, etc…

You can’t. If they cared what you wanted, they wouldn’t spam you in the first place. :wink:

Clicking those confirms that you read your spam mail and that they should spam you forever. Never do that.

When I get an email that gets too much spam, I set up an autoresponder that deletes all incoming email and replies with an explanation of what’s going on. I include an explanation of it being a joe-job, in case that’s what it is, plus a link to a contact form for legit contacts.

That way, I don’t get any spam from it, but it’s still a way for people to get in touch that don’t have my replacement address.




#5

You are not part of the solution. You are part of the problem. “Autoresponders” to spam mails are a bad, BAD idea. Most spam comes from forged senders; an autoresponder will reply to that forged email-address. Usually that leads to a party that had not been part of the spamming and is being abused just the same (commonly known as joe-jobbing). Autoresponders are a crock of ****; if you ever get joe-jobbed, you will know what I mean (happens every couple of weeks here; spam filters catch most of the crap that arrives, but autoresponders usually get through. Hundreds of them, many claiming that due to too much spam, the account is closed. Sometimes I get dozens of mails from a single account).

You are obviously aware that this is happening, since you know what a joe-job is. As such, this practice is the most selfish thing you could do. Thanks.

(just drop mails like that in the SMTP conversation with a proper error message, not later on as a reply; you can make your error message say whatever you want; legitimate senders and spammers alike will get it, though the latter won’t care (and may even stop sending you crap once they only get SMTP errors from your server)).

To the OP: You are SOL. Once your mail address is in their databases, it’s not gonna get removed, no matter what you do. The problem is gonna get progressively worse as the address keeps getting “passed around” (i.e. sold in lists) between scum. As for how they could have gotten page@ – page is a common English word. That’s probably a simple dictionary attack. Firstname.Lastname only protects you from spam if you never communicate with anybody, ever; all it takes is one infected winblows box for the address to be harvested. For stuff such as paging email addresses, you might want to use a whitelist-approach (though even that will usually not save you from forged senders; you might have to consider signing your mails with gpg and only allowing properly signed messages to go through to your pagers).
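
The approach described in post #5 (refuse the mail inside the SMTP conversation with a custom error, and allowlist senders for the pager address), sketched as an added example that is not part of the thread or any poster's own code. It assumes a Postfix-style policy-delegation request (`name=value` lines, blank-line terminated); every address, the contact URL and the function names are constructed placeholders.

```python
# Added example: RCPT-time policy decision, Postfix policy-delegation format.
# All addresses and the contact URL below are constructed placeholders.
RETIRED = {
    "old.sales@domain.example":
        "550 5.1.1 Address retired due to spam; use https://domain.example/contact",
}
# Recipients that accept mail only from the listed envelope senders.
ALLOWLISTED = {
    "page@domain.example": {"monitor@domain.example", "alerts@domain.example"},
}
VALID = {"info@domain.example"} | set(ALLOWLISTED)


def parse_request(text):
    """Parse 'name=value' lines; a blank line ends the request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the action for one RCPT TO, decided inside the SMTP session."""
    rcpt = attrs.get("recipient", "").lower()
    sender = attrs.get("sender", "").lower()
    if rcpt in RETIRED:
        # The connecting server receives the explanation as an SMTP error.
        # No new message is generated, so a forged sender gets no backscatter.
        return RETIRED[rcpt]
    if rcpt in ALLOWLISTED:
        # The envelope sender can be forged, so this only reduces volume.
        if sender in ALLOWLISTED[rcpt]:
            return "DUNNO"  # no objection; later checks still apply
        return "550 5.7.1 Sender not authorised for this address"
    if rcpt not in VALID:
        # Dictionary-attack guesses at nonexistent mailboxes land here.
        return "550 5.1.1 No such user"
    return "DUNNO"


def handle(text):
    """Full policy reply: 'action=...' followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))
```
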