Ask HN: A business sold my email. What can I do about it?
I have used the + feature in gmail for a while now. I finally received spam from one of these emails. I bought something on mace.com 4 years ago and today I received an email from NewYorkLife.com acarapezza@ft.newyorklife.com via mailchimp to the same address.
I reported as spam to mailchimp. I told gmail it was spam. I also emailed mace's support address asking them to remove me from the list emails they are selling. Searching google I see lots of suggestions to use the + feature but never what to do after catching someone using it.
Is there anything else I can do about it?
13 comments
[ 4.6 ms ] story [ 22.1 ms ] threadHell, even a $500 small claims court suit might make for a good option.
Depending on how often they sell the info, you can just change your address with them, and permanently scuttle the original address (saves you from having to look at spam, etc).
If more people do this, then hopefully selling information like this will become less lucrative over time.
I did just noticed 5 days before I received spam to the same email address from
Copyright © 2014 Amazon.com Best Sellers, All rights reserved.
Our mailing address is: Amazon.com.bestsellers@gmail.com
Your situation seems different than mine. I think my addresses were taken during a security breach instead of being sold by the company.
In my case I just change my address with the company to dropbox2@, and block the original address.
I also have a friends-and-family email address that isn't published anywhere online that finally started receiving spams. I think it was taken from a neighbor's address book in hotmail when he got phished.
I think a possible long-term solution would be for everyone to have a unique address for everyone else. The email software would auto-negotiate a unique address after your first communication with the person, creating a pairing similar to a friendship on a social network. I'm getting off-topic, but here's a link explaining what I mean a bit more: http://stevenjewel.com/2014/02/clearskies-chat/ (It's about decentralized IM instead of email, but the same antispam technique would work for either.)
I suspect some spambots just try common dictionary and business words at domains with valid MX records.
I've only seen what would be considered dictionary attempts for four addresses, info@, admin@, sales@, and support@ but only on a few of the domains.
A few years ago I started getting spam at random hexadecimal addresses at two of my domains, such as 72da48ba6@, about two spams per address per day. There turned out to only be ~ 800 unique addresses that were targeted, and so it was easy to block. What I think happened is this case is a address-to-spam-list creator padded his lists manually before selling them to make the list size bigger. I still get email at those 800 addresses, but no new hexadecimal addresses since I blocked the original set.
I get maybe 30 a day, from numerous sources, and they actually turn out to be legitimate message-IDs which were generated by my host when replying to public mailing-lists.
I think some kind of automated spider decided they were mail addresses.
When I get incoming spam I can look up who the address is assigned to, cut off the alias and then take further action such as notifying the company, giving them a new email, or cutting ties with them.
I don't bother with retribution (would take too much time) -- if the company is unwilling to acknowledge the incident or it happens multiple times I cut the cord and move on.
Thanks!