Featured eCardI remembered... I LOVE YOU
Send this eCard
to a friend or loved one right now.
What's up with this SPAM I am getting from one of your domains??
First and foremost, we do not send out ANY spam. Even the domains that we have that are used for free web based email would be very difficult and time consuming to send out spam though.
The free webmail domains that I have (tiggerfan.com, poohfan.com and mickeyfan.com) are all hosted by a 3rd party provider... everyone.net. Basically all I do is own the domains, and they handle everything else. Any email that actually comes from those domains will have several references to "sitemail.everyone.net" in the headers. If there are not references to the above in the headers, then the email could not have come from one of the free domains listed above as they all most go through that server to be sent out. If you like, you can go sign up for a free account, send yourself an email and see for yourself. The reference would look something along the lines of this:
If it came from one of my non webmail domains which are only hosted on a single server, it would have "goofy.disneysites.com" in it a few times. Something along the lines of this:
Received: from 66.98.XXX.XX (HELO goofy.disneysites.com)
What you are most likely seeing is the result of Email Spoofing. No I am not making this up as an excuse to why you got an email that looked like it came from one of my domains. Read on and you will see how things go in the world of spamming.
What is "Email Spoofing"??
Basically it mean putting a fake email address as the return address in an email. In just about any email program you download, it asks you what email address you want to use for the return address. There is no authentication to make sure that the email you enter is real, correct, or that you actually own it. Whatever you enter in for that address is what will be used. Go ahead and try it. Any downloadable program (and even some web based ones) will allow you to change your return email to anything you want. Go change it to email@example.com and then send an email to yourself (to your normal email address not your new fake one). When you receive it see who it is from.
That being said... if you were sending out thousands and thousands of emails a day, that 99% of the people are going to be mad about receiving... would you put a your real address as the return address? I didn't think so. Spammers will often times take one of the emails from their list, and put it as the return address when sending it to someone else on the list.
A quick example... both Fred and George are on a spammers email list (I will discuss how they got on the list later). The spammer sends an email to Fred that looks like it is from George, and sends an email to George that looks like it is from Fred. There is no way to actually tell where the email really came from because I can put in ANY email address in the email program as discussed above.
So how did my email get on this list?
This is a harder nut to crack. There are MANY ways for your name to get on a list. There are programs that do nothing but scower the web for email addresses that are on websites. If you ever put your email address on any site, message board, newsgroup or otherwise... you are most likely on several lists already. Even if you did some tricky "myemail at mydomain dot com" in text, they have programs that know many of those tricks, and look for those phrases as well.
But I've never posted my email anywhere you say... The next potential method is for spamming programs do is kind of similar to the email spoofing thing. They take the first part of Fred's email, and match it with the domain from George's. Then match the first part of George's with the last of Fred's. Now... what are the chances of them getting a valid email out of this process?? Who knows... probably like 2%. But when you have a program that can do this thousands of times a minute... it costs them virtually nothing to send them out, and they are putting the return email addresses of FAKE people in the email so that they never get the "no email address exists at that address", then it doesn't matter to them that they had 98% mistakes.
Ok... but I've never put my email address ANY where for it to get in the list for your switcheroo example. First off the switheroo is creating addresses, so that argument won't work. Second, spammers will also just start making up addresses as well. Many people use words out of the dictionary, or common names. What do you think the odds are of there being a "john" at any given domain? So why not just try "john" at EVERY given domain... "just in case" there is one. Again, they aren't getting the "unsuccessful" replies when it doesn't work... "fred" at another domain is. Then they just start tossing in random numbers and letters to again try and match your email. How many pepole named John, have a favorite number of 7, or a number from when they played football of 41 that they tack onto their name. That is very easy to fake.
My email address of firstname.lastname@example.org is what is used on my contact page. So there is no more real harm in listing it here again for an example since it's already on dozens of lists. A year or so ago I started getting email at email@example.com and firstname.lastname@example.org both emails I never used anywhere. It took me a while to figure out that they were just shortened versions of the one that I published (webmaster and webmaster). They will try anything they can to find a valid email.
So how do I get off these lists?
The short answer is DO ABSOLUTELY NOTHING.
Sure, some emails have "click here to remove your name from this list" links in the emails they send. But as soon as you click that link, they know that they have a valid email address since an action was taken from it. Ever notice that sometimes those links go to something like "remove.html?id=asljk23049asj230irj". That big ole long jumble of letters and numbers at the end is a kind of tracker that they use to track every email they made up using the above approaches. When you click into their site using that link, they flag your email address in their database as an actual email address.
Now... if they are a respectable company, they will actually remove your email address and all will be right with the world. But it is more likely that they will do one of two things. They will remove you from THEIR list so that they can say they are doing what they said they would when the authorities come knocking. But they may be compling another list to sell to other spammers. Think how much a list of VERIFIED, FUNCTIONAL email addresses are to another spammer. They can legally say they removed you from their list, but just not really say they put you on a different list and sold you to their cohorts in crime. The other option is that since they are illeally sending email in the first place, they won't remove you from their list at all, AND they will sell your email to others. It isn't going to cause them any more sleepless nights then they were getting before.
See what trouble you've created for yourself just by "trying" to remove yourself from their list??? It is better for you to never respond or click on any link in any spam. It's just not worth the potential of what problems it could create. Are there legitimate people out there that will remove you from the list and that will be the end of it? Sure there are... but are you willing to play roulette and see if you reply to the ones that are good??
Misc other stuff
Sadly, even viewing an email can verify that an email address is valid. Using the same process as the link I said not to click above (the one with the big ugly ID number on it), images that load in HTML letters have similar IDs on them that when you load the image, the database flags your email as having loaded it and you are now a valid email address on their lists. Just can't get away from it can you.
To sum up...
I hope this has shed some light into the world of spammers for you. I apologize that you got email that appeared to be from one of my domains, but I can assure you with 99% accuracy that it did not actually come from my domains. Sure there may be 1-2 people using my free webmail domains doing this by hand througha a web interface... but I seriously doubt it. I get HUNDREDS of spam a day as people use ALL of the above tactics on the domains I own, and I truely feel your pain. I have even received them from my OWN domains, ones that aren't the free webmail ones and that I have full control over. But there is nothing that can currently be done about it from my end our yours. It is sadly just part of the internet today.
There are dozens of projects where people are trying to find new and innovative ways to stem the tide of SPAM. In the future I may link to some of those projects here, but until one of them has a breakthrough, and then the majority of people adopt that new system... it is something that will be here to stay.