The war drags on

The war on spam, that is.

As an interesting experiment, I stopped compulsively deleting my junk mail folder, and instead set that folder to delete old items automatically after 48 hours (yay, Thunderbird). This has given me new insight into how much spam I get, and where it is coming from.

Before making any adjustments, I was getting about 110 pieces of spam a day. 90% of these were automatically detected as spam (yay, Thunderbird).

I found a certain number of email addresses that I had never used anywhere, but which were frequent guesses by spammers. admin, help, accounting. I've blackholed these, which has started to help.

Quite a few come from email addresses I have incautiously included on my website. I’m thinking I will remove these from the web, but not black-hole them yet to see if the tide shrinks on its own.

My previous post about email seems to have produced a few as well. The email address I used as an example, devnull@toomuchblue.com, (look, there it is again!) has started receiving a lot of spam. If it’s blackholed, how do I know this? Because spammers, in an apparent effort to conserve bandwidth, have sent email to multiple toomuchblue addresses at once. When I receive email for a different address, if devnull@toomuchblue.com (oh, look, again!) is in the list of recipients I can be certain it’s spam. This gives me a new easy junk-mail rule (yay, Thunderbird). It’s kind of an email honeypot.

Far and away, the most spam I get is from an email address I use to communicate with the bugzilla project. The very day I was assigned a bug in their bug tracking software, I received 16 new pieces of spam to that address, and I currently receive about 40 pieces a day, mostly in Chinese. Fortunately, these are pretty easy to filter out. The only email I want would be email coming from that project’s own server.

A Far and away, the most spam I get is from an email address I use to communicate with the bugzilla project.more surprising source of spam was a vendor I recently did business with.

I bought flowers from ProFlowers.com for Mothers Day, using a brand new email address. Since then, I’ve had a smattering of emails from them, but nothing burdensome. They had told me up front they would send me offers, so I didn’t consider this spam.

I also started getting messages from some new vendors - fruit baskets, teddy bears, quite a variety. Each time, they explained how they got my name, and said I could safely unsubscribe, which I did each time. I also went back to the ProFlowers.com website and verified my privacy settings. Apparently, there was a separate option for “partner email”, which was automatically checked when I accepted Offers email. OK, fine, my fault. Uncheck the box.

Ever since that, I haven’t had any “partner” email, but I have started receiving about 4-5 pieces of spam for that email address a day. This tells me one of three things is happening:

• ProFlowers.com or one of their partners has had a security breach and emails have been harvested.
• ProFlowers.com or one of their partners has shared email addresses with an organization which does not follow the safe-unsubscribe policies of ProFlowers.com.
• ProFlowers.com or one of their partners has vindictively subscribed me to spam in retaliation for unsubscribing.

I’ve contacted the business who referred me to ProFlowers.com to let them know about this. In the mean time, I don’t recommend them. My first order with them didn’t go all that smoothly, anyway. Anybody can have a bad day, especially a florist around Mothers Day, but with the spam involved, it’s just safer to stay away. It looks like I’ll be blackholing this email address soon as well.

I do consider this a great argument for throw-away email addresses, however. Most ISP’s allow you to create additional email addresses whenever you want. I know Comcast allows up to about 10, and they can automatically forward to another account. It’s very easy to create an email address for a particular transaction, wait until everything has shipped or resolved, then discard the address again.

P.S. This post is an experiment using a new blogging tool. I’ll have to see how this looks on the web before making a decision.