Tell HN: I'm getting spam on an email address only ever used to sign up to HN
Basically thread title. This email address has only ever been used to sign up for HN. I have never posted the email address and never set it to public. What gives? I'll paste a copy of the relevant email headers and the text of the email below. The email is designed like a Docusign lookalike, including Docusign logos.
Return-Path: <nola@teacheip.com>
Received: from phl-compute-07.internal (phl-compute-07.phl.internal [10.202.2.47])
by slotpi12n09 (Cyrus 3.13.0-alpha0-133-gac9c1746a-fm-20250121.002-gac9c1746) with LMTPA;
Thu, 23 Jan 2025 13:09:47 -0500
X-Cyrus-Session-Id: slotpi12n09-1737655787-719141-2-12600257906326982523
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no
X-Spam-sender-reputation: 500 (none)
X-Spam-score: 50.0
X-Spam-hits: DATE_IN_PAST_03_06 1.076, DCC_CHECK 1.1, DCC_REPUT_90_94 0.4,
HTML_MESSAGE 0.001, ME_HAS_VSSU 0.001, ME_SC_NH -0.001,
ME_SENDERREP_NEUTRAL 0.001, ME_VADEPHISHING_NB 2, MIME_HTML_ONLY 0.1,
RCVD_IN_BL_SPAMCOP_NET 2, RCVD_IN_INVALUEMENT 2, RCVD_IN_INVALUEMENT24 2,
RCVD_IN_MSPIKE_BL 0.001, RCVD_IN_MSPIKE_L5 0.001, RCVD_IN_SBL_CSS 3,
RCVD_IN_VALIDITY_RPBL 1.284, RCVD_IN_ZEN_LASTEXTERNAL 8,
SH_BODYURI_REVERSE_CSS 3, SH_DBL_HEADERS 8, SH_HELO_DBL 8,
SPF_HELO_NONE 0.001, SPF_PASS -0.001, T_MXG_EMAIL_FRAG 0.01,
URIBL_CSS_A 0.1, URIBL_DBL_MALWARE 8, LANGUAGES en, BAYES_USED none,
SA_VERSION 4.0.0
X-Spam-source: IP='194.169.172.227', Host='sheer.teacheip.com', Country='BG',
FromHeader='com', MailFrom='com'
X-Resolved-to: REDACTED
X-Delivered-to: REDACTED
X-Mail-from: nola@teacheip.com
Email contents: Your 2025 DashBoard Agreement
REVIEW AND CONFIRM HERE
Dear REDACTED
Confirm your Webmail is still in use.
Important update regarding our operating agreement:
We have recently revised our agreement for all our customers to ensure clarity in our business relationship and remain aligned with industry standards.
Please select the secure DocuSign link above to review, sign, and confirm that REDACTED is still in use. By doing so, all 2025 features will be updated on your Dashboard.
Confirmation Deadline: January, 2025
Do Not Share This Email
This email contains a secure link to Docusign. Please do not share this email, link, or access code with others.
Alternate Signing Method
Visit Docusign.com, click 'Access Documents', and enter the security code:
467278E6C1C24415AF996AD5A66927041
About Docusign
Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Managementâ?¢.
Questions about the Document?
If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.
Stop receiving this email
Report this email or read more about Declining to sign and Managing notifications.
If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.
Download the Docusign App
This message was sent to you by NBS Contracts who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.
40 comments
[ 2.7 ms ] story [ 45.9 ms ] threadIs it possible that the email provider leaked the whole list of emails?
Nation states, CIA or KGB?
RSA/EC cracked. Quantum or math?
Email leaked by fastmail.
Brute force attacks.
Reality:
Forgotten post with email; Spammer scraping HN.
edit: While the above statement is true, the e-mail was posted publicly on a 'whos hiring' thread so there is no mystery as to why it is receiving spam.
Have you ever sent any email using this as a return address?
Have you ever received any non-spam HN mail at this address?
If yes, it seems like it might have been grabbed from a server in the middle. If not, then it does sound like HN has to be the direct source.
Unfortunately the Internet does not forget.
Not trying to defend HN here, but if it's a custom domain and whatever comes before the @ is easy to construct, it may be automated spam. Nothing to lose for the spammer if it bounces back, but a partial success if it the server accepts the message.
Or did you once accidentally try to login somewhere else with your hackernews credentials?
Eventually it got a ton of spam, and it was pretty clear a lot of that was from brute forcing emails at the ISP.
> This email address has only ever been used to sign up for HN. I have never posted the email address and never set it to public.
Was it something simple and guessable, like hn@yourdomain.com? or ycombinator@yourdomain.com?