-
I've started getting spam sent to the e-mail address I use for ML, even though my settings hide my e-mail address. Any reason why?
-
Maybe it got auto-discovered. The address should not be exposed anywhere. Only mods can see it. I don't use a special email for ML so if that was happening, I would not notice.
How much are you getting? Does the type of spam give any hint to its nature?
-
If you are using real words in the email name and a common service, there are a lot of spam systems that just try to guess at those and if they don't get a "failed delivery" message, then they suddenly announce it to other spam systems (normally owned by the same place) and start sending to it.
-
My e-mail address is mangolassi@mypersonaldomain.com so not guessable. I've had a handful, all from Chinese wholesalers trying to sell me stuff - watches, batteries, industrial products etc etc.
-
mangolassi is a commonish English word. Very guessable as an email name. The domain, no idea how guessable that is. Given the volume of spam, I'd not be surprised if every Gmail, Yahoo and such name portion isn't known and used as an attack against any given domain. Just a guess.
Totally plausible that we were hacked by hackers (and that they could easily be Chinese.)
-
@scottalanmiller awww, even chinese hackers don't want to email me then...I'm sad now
-
@scottalanmiller said in Spam:
mangolassi is a commonish English word. Very guessable as an email name.
No, it's not. This is concerning, and should be looked at.
-
I also use site@personal-domain.com and getting SPAM on a address is the first sign of a security issue (sometimes minor, sometimes not)
-
@aaronstuder said in Spam:
@scottalanmiller said in Spam:
mangolassi is a commonish English word. Very guessable as an email name.
No, it's not. This is concerning, and should be looked at.
Umm, yes it is.
His personal domain is also well known as one would assume it is used elsewhere for other things.
Spammers send dictionary attacks out.
Having had my own domain (daerma.com) since 1999 with more than a few emails that were used once off similar to what @Carnival-Boy describes, I can tell you they still get spam.
-
@aaronstuder said in Spam:
@scottalanmiller said in Spam:
mangolassi is a commonish English word. Very guessable as an email name.
No, it's not.
Huh? In what way is it not super common? It's a standard menu item. Like cheeseburger. Not THAT common, but super common. Although when you consider the Indian world's use of English, it might easily be more common than cheeseburger.
-
@JaredBusch Interesting. I have a catch-all and I get very little SPAM.
-
@JaredBusch said in Spam:
Umm, yes it is.
His personal domain is also well known as one would assume it is used elsewhere for other things.
Spammers send dictionary attacks out.
I don't think so. I've had this domain for about ten years and I can't ever remember having spam sent as a dictionary account (or to my other domains). The chances of the first dictionary attack also being the name of a forum I post on must be billions to one.
I get spam from breaches. Mostly to adobe@mydomain.com and pitchfork@mydomain.com (Pitchfork is a big music site).
The only other explanation I can think of is that I originally didn't hide my e-mail address on here.
-
@aaronstuder said in Spam:
@JaredBusch Interesting. I have a catch-all and I get very little SPAM.
There are many factors. And sometimes just random. You have a catch all with no SPAM filter? When I've had a catchall, it gets a LOT.
-
@Carnival-Boy said in Spam:
The only other explanation I can think of is that I originally didn't hide my e-mail address on here.
I think that it is always and always has been hidden by default. I'm not 100% sure on that, but I'm pretty sure. A breach is more likely than that, I'd guess.
-
@Carnival-Boy said in Spam:
I get spam from breaches. Mostly to adobe@mydomain.com and pitchfork@mydomain.com (Pitchfork is a big music site).
So you create new email addresses for every service you use service@yourdomain.com and think it's incredibly unlikely that you're getting spam?
That doesn't make a ton of sense to me. To me it would seem more likely that your domain is now "known" because of the number of people accessing your site, and thus spammers targeted you.
-
I use a custom domain purely for e-mail. There is no site and so no easy way for the domain to be known. A google search for the domain returns nothing.
-
Just because there is no site, doesn't mean a bot can't search the registered domain list...
-
Technically, yes. But in reality, no way.
-
-
@scottalanmiller said in Spam:
@aaronstuder said in Spam:
@JaredBusch Interesting. I have a catch-all and I get very little SPAM.
There are many factors. And sometimes just random. You have a catch all with no SPAM filter? When I've had a catchall, it gets a LOT.
Exactly - you have a private domain name and a catchall, but it's not loaded with spam from the catch all with all kinds of random crap? That seems so unlikely as to be unbelievable.
My spam filter, while not seeing a dictionary worth of bad addresses, definitely sees all kinds of random crap for names daily.