About Me

Curriculum Vitae

A brief list of my current skill set

Bloggybits

Automatically Cropping Images is Hard
Monday, 21st October 2013, 19:00

But maybe we can use face detection?

The Git Cheat Sheet
Friday, 6th September 2013, 11:30

for github, bitbucket, that kinda stuff

CoffeeScript and TypeScript are Stupid
Saturday, 17th August 2013, 11:21

Don't use them!

Changing the Order of the jQuery Event Queue
Wednesday, 3rd July 2013, 20:27

It's just a push to the left

How Do Spammers Get My Email Address?
Wednesday, 15th May 2013, 18:03

I think these days I have a pretty good idea

XSLT, node.js 0.10 and a Fun Two Days of Native Modules and Memory Leaks
Thursday, 25th April 2013, 17:14

documentation makes things less cryptic, so lets not write much of it

Fixing CentOS high cpu usage when running as a virtual machine under VirtualBox
Sunday, 21st April 2013, 20:28

innotek rocks! I mean Sun... I mean Oracle...

Repairing a dK'Tronics Keyboard and Scoping Out a ZX Spectrum 48k - Part One
Sunday, 17th March 2013, 23:51

What signals inside of it actually look like

Tabs vs Spaces and Why You Should Always Use Tabs
Monday, 4th March 2013, 19:51

Spaces are bad, just real bad

Why you should ban Amazon's Cloud IPs
Thursday, 27th December 2012, 14:50

And how to do it in nginx, Merry Christmas Amazon

Building Better jQuery DOM Inserts
Thursday, 20th December 2012, 15:18

Break it down baby

SEO Companies - Don't Waste Your Money
Wednesday, 12th December 2012, 16:16

Spammers by any other name

Projects and Sillyness

MAME Cabinet Diary

How I built my own arcade cabinet

Loading Screen Simulator

I don't miss the ZX Spectrum, I still use it!

The Little Guy Chat Room

It's a Pitfall inspired chat room

GPMad MP3

A fully featured MP3 player what I wrote

GP Space Invaders

My first little emulator

GP32 Development Page

Some info and links about this cute little handheld

Disney Nasties

Uncensored images, you must be 18 to view them

Minna's World

The cuttest fluffy puppy in the world

Diary of a Hamster

Learn about how hamsters think, first hand

Utilities

Time Calculator

A simple little online utility for working out how many hours to bill a client

A Few Links

How Do Spammers Get My Email Address?
Wednesday, 15th May 2013, 18:03

Last September, I wrote about how I finally retired my work email address, having used it for 13 years. The spam to it got too much, even after the hundreds a day our mail server rejected, I was fed up with the daily 30 or so getting through and clogging up my inbox.

Since then, I started using a unique email address for every different website. Yes, that's a lot of email addresses but it has three added bonuses:

  • If I start getting spam to that address I can retire it for a new one and know I only have to update one website
  • I know where the spammers got my address from
  • Even if I use the same password for two sites, the login for the sites are different

So, it's now mid May and 7 months with the new email addresses. And I'm getting spam again, in fact I have been for a few months. It's not bad, just a tiny handful a week in fact, but I'm definitely getting them again. Only this time, I know where from.

eBay and PayPal

Before you reel back in shock, no, I do not believe for one moment eBay and their financial arm are giving my address to dodgy dealers. But there is no doubt these are the email addresses which the spam is being sent to, and I have only used these addresses for those sites.

How do they get them then? Well the answer is pretty easy, I buy things on eBay and I pay with PayPal, so any seller who I have interacted with will have those email addresses.

Some of the spam I've had has actually been from websites run by the sellers, which is something eBay really ought to stamp on. If you buy something through eBay, then you are buying it through eBay, not the shop of the seller so you don't get any option of not being added to their spam list, they just do it.

Other spam is of the more typical get rich quick or pump and dump stock affair. It's possible that some big sellers on eBay abuse the position of having a large throughput of customers and sell on lists of them to third parties. I really wouldn't put it past some of them to do this, especially those from China.

Alas until I can specify a unique email address for every single transaction (there's an idea for you eBay!) I'll never know if someone sold my email address on.

The other equally likely possibility is a seller with a compromised computer, filled with back-doors and trojans harvesting everything in sight. There are millions of them out there, to think that this isn't a major source of harvesting spam addresses would be folly.

A Solution to Spam

Currently, there is no real solution to the problem with spam emails. Which is a shame, it's really not an easy problem to solve, even if you enforced SPF or similar technologies.

What there needs to be is a replacement for email, a new technology which is an open standard. You could have one that puts a huge burden on the sender and very little on the receiver. It needs to be expensive to send a lot of emails, but even then a spammer could distribute their CPU load across botnets and get around it.

So perhaps the real answer is some sort of permission token system, where whenever I give someone my email address they have the right to reply to it for a set amount of time only. You could make that time weeks for eBay purchases, months for friends, and hours for anything dodgy.

With a system that let you renew these rights easily yet revoke them at anytime, and simple automated interfaces to do it all for you, perhaps no different to the way things like Facebook let you know someone wants to be your friend.

Perhaps we just need a new header tag in emails to do all this for us, and then Microsoft, Google, Apple and Mozilla, to bring it in all at the same time. Then everything without the tag can go to the junk box and be damned. But that is never likely to happen, so the only real solution is your own domain name and an infinite supply of email addresses.

Comments

posted by davehibshman on Monday, 1st June 2015, 04:07

Wouldn't setting up and using a catch all account, allow to you use a different email per transaction?

posted by Robee on Monday, 1st June 2015, 07:36

Yes, I could do this now, but then how would you generate the email addresses for each transaction and remember what was part of what transaction?

Add Your Own Comment