RSS LJ

January 31, 2004

Earthlink listing/selling email addresses for spam? ()

by fluffy at 11:23 AM
I just got a spam to my Earthlink DSL email address. Which is funny because I have never, ever, ever used that address for anything but correspondence with Earthlink, and so far as I know it's never been listed anywhere on the Internet.

So, is Earthlink selling addresses to spammers (maybe as part of trying to sell their spam-prevention "service"), or did they mess up and accidentally list all registered usernames somewhere?

Requisite header information:

From: WE2902@hotmail.com
Subject: Why wait start doing surveys now
Date: January 31, 2004 2:19:15 PM MST
To: [xxx]@earthlink.net
Reply-To: WE2902@hotmail.com
Return-Path: <WE2902@hotmail.com>
Envelope-To: [xxx]@localhost
Delivery-Date: Sat, 31 Jan 2004 11:20:32 -0700
Received: from zorkachu ([127.0.0.1] helo=localhost) by zorkachu with esmtp (Exim 3.35 #1 (Debian)) id 1AmzjM-00024r-00 for <[xxx]@localhost>; Sat, 31 Jan 2004 11:20:32 -0700
Received: from mail.earthlink.net [207.217.121.212] by localhost with POP3 (fetchmail-6.2.4) for [xxx]@localhost (single-drop); Sat, 31 Jan 2004 11:20:32 -0700 (MST)
Received: from computer ([67.168.170.2]) by vulture (EarthLink SMTP Server) with SMTP id 1aMZIo4bX3NZFl50 Sat, 31 Jan 2004 10:19:30 -0800 (PST)
Status: U
Content-Type: text/plain;charset="iso-8859-1"
X-Mailer: Microsoft Outlook, Build 10.0.2616
Message-Id: <200401311019.1aMZIo4bX3NZFl50@vulture>
X-Bogosity: No, tests=bogofilter, spamicity=0.945494, version=0.16.1
I also did a quick websearch on the address, and it's not listed anywhere. So it seems likely that Earthlink actively sold my address to spammers, as if them getting $50/month from me for DSL wasn't enough. Whee.

Comments

#1792 01/31/2004 10:31 am
Are you going to send them a complaint/inquiry?
#1793 01/31/2004 10:33 am
Yeah, as if.
#1795 01/31/2004 01:14 pm fishing
I presume that your username is not the sort of thing that a spammer could accidently get by fishing for it...

I get spam for a number of different users on my own domains that have never existed anywhere...and I see the same usernames on all three sites. If you username is something like "fred@earthlink.net", it might not be earthlink but a dictionary attack.
#1796 01/31/2004 01:37 pm
My username is my first initial and last name, and is the same as one of my spammed-to-death accounts. It's possible (but highly unlikely) that it's been added to a spammer dictionary.
#1797 01/31/2004 02:51 pm
>My username is my first initial and last name, and is the same as one of my spammed-to-death accounts.

Unfortunately, this is how they got me when I switched over to Sympatico DSL five years ago. They still haven't picked off my Cable username, but it's only a matter of time.
#1808 leviramsey (unregistered) 02/01/2004 07:48 pm Judging by
the number of spams that are my first initial and last name (admittedly, my last name is more common than yours) to many different domains, I'd say it's quite possible that there are spammers who automatically add usernames encountered at other domains (especially .edu's, since people are likely to move, I would imagine) to the list of names to try at common domain names.
#1809 02/01/2004 07:50 pm
Yeah, probably.

On a related note, lately there's been a LOT of bounces to [randomname]@trikuare.cx, apparently being generated by a mail virus but maybe from an actual spammer (though the contents so far appear to be a virus/worm/whatever). I expect to be getting a huge influx of angry "QUIT SPAMMING ME" mails soon anyway. :/
#1811 OcelotBob (unregistered) 02/02/2004 01:04 am Yep, it's a virus
Mydoom. Evil, nasty, spammy. The maker of the virus needs to be filled with bees or something.
#1812 02/02/2004 01:10 am
Wait, mydoom randomizes the username? I thoguht it was like all other spoofing viruses which just used other username@hostname wholesale.
#1816 ocelotbob (unregistered) 02/03/2004 03:22 am The evils of mydoom
Yep, it randomizes it. From the mydoom detrius I've seen, it's got its batch of preferred names, plus it'll pull names and combine them from your address book.