Saturday, April 12, 2014

Spam

More than a decade ago, I started using a different email address every time I needed an account with a website.  That way, if one of them started to spam me, I'd be able to tell who it was.  Impressively, I've only gotten spam from one site in the past decade: Uproar.com, a site that offered various Flash games.  And that was only after they went bankrupt and their liquidation company decided that a good way to pay off loans would be to sell their list of customer data.

Okay, to be accurate, I've only noticed spam from Uproar.  I don't routinely go through my junk mail folder, so it's possible I've gotten some spam through an address I used somewhere else, but I haven't seen it and there weren't any examples in my most recent 100 spam emails.  And for a while I also had a junk-only email address that I used for things that I knew would not be trustworthy, and that gets an occasional email or two as well.

The majority of my spam appears to come from email addresses that have been harvested by malware.  I get quite a bit of my spam from addresses that I used for outgoing mail for tech support requests for my various apps, and then that address gets stored in someone's email forever, and eventually they get compromised and their email history is harvested and they get an address that way.  In those most recent 100 spam, I mostly see my tech support addresses.  The rest are all "shotgun-approach" spam, sent to asfw2b3bw2@mydomain.com or info@mydomain.com, both addresses I've never used.

Overall I'd consider my experiment to be an interesting success, and it suggests to me that the vast majority of peoples' spam problems are a result of human carelessness.  One of the many problems with the design of email is that it only takes one careless friend or relative to leak your address (generally via malware), and then it's compromised by spam forever.

* * * * *

UPDATE October 2014: I'm now getting spam from an address only used with Home Depot as well, so they shall be added to the hall of shame.

No comments: