MobileRead Forums - View Single Post

Worldwalker · 11-04-2010, 09:51 AM

I use unique email addresses for everyone I do business with. Not only does it spot spammers, but it makes filtering a snap. While this might be more work than some people want to go through, you should at least consider having a few: one for family and friends, one for forums, one for business emails, etc. Buying your own domain name is trivial at this point, and you can just alias all the incoming addresses into one if you prefer it that way. That makes it possible to keep secure email addresses protected from random spammers, as well as making it obvious where the spam is coming from.

As an example, a forum leaked. A spammer got their email addresses. I know because I've gotten spam at that address warning me my account is about to be deleted from a game I've never played. Yeah, they're reaching.

But I know who's spamming that and more or less why, whereas if it was showing up on a general-purpose address, I wouldn't have a clue.

As for how any given company could leak email addresses: They might not have done it at all (see the game "threats" above). They might have done it deliberately (the Southern California BBB once gave an address used only with them to a spammer I complained about -- one who was bragging about his BBB membership). Users might have put their email addresses somewhere visible from the Web. A legitimate website or entire system could have been cracked: see T.J. Maxx. Or someone could be selling addresses out the back door -- back in the day, Earthlink had someone doing that. Without knowing where they got the address, you can only take wild guesses.

That's where your second layer of defense comes in. You don't use Outlook. You don't open strange .exe files. You turn off "hide extensions for known file types" so you know if they're .exe files or not -- spammers are smart enough to send out picture.jpg.exe. You know what you expect to get, and get suspicious when something unexpected shows up. You know how to read headers. You have a virus scanner watching your email. And, of course, you let the right people know -- likely targets and the purported source. Believe it or not, there are companies who don't find out someone is phishing as them for days, because everyone says "oh, someone else probably told them" and nobody does, so by the time they find out and try to do something, the phisher is long gone.

11-04-2010, 09:51 AM	#6
Worldwalker Curmudgeon Posts: 3,085 Karma: 722357 Join Date: Feb 2010 Device: PRS-505	I use unique email addresses for everyone I do business with. Not only does it spot spammers, but it makes filtering a snap. While this might be more work than some people want to go through, you should at least consider having a few: one for family and friends, one for forums, one for business emails, etc. Buying your own domain name is trivial at this point, and you can just alias all the incoming addresses into one if you prefer it that way. That makes it possible to keep secure email addresses protected from random spammers, as well as making it obvious where the spam is coming from. As an example, a forum leaked. A spammer got their email addresses. I know because I've gotten spam at that address warning me my account is about to be deleted from a game I've never played. Yeah, they're reaching. But I know who's spamming that and more or less why, whereas if it was showing up on a general-purpose address, I wouldn't have a clue. As for how any given company could leak email addresses: They might not have done it at all (see the game "threats" above). They might have done it deliberately (the Southern California BBB once gave an address used only with them to a spammer I complained about -- one who was bragging about his BBB membership). Users might have put their email addresses somewhere visible from the Web. A legitimate website or entire system could have been cracked: see T.J. Maxx. Or someone could be selling addresses out the back door -- back in the day, Earthlink had someone doing that. Without knowing where they got the address, you can only take wild guesses. That's where your second layer of defense comes in. You don't use Outlook. You don't open strange .exe files. You turn off "hide extensions for known file types" so you know if they're .exe files or not -- spammers are smart enough to send out picture.jpg.exe. You know what you expect to get, and get suspicious when something unexpected shows up. You know how to read headers. You have a virus scanner watching your email. And, of course, you let the right people know -- likely targets and the purported source. Believe it or not, there are companies who don't find out someone is phishing as them for days, because everyone says "oh, someone else probably told them" and nobody does, so by the time they find out and try to do something, the phisher is long gone.