my spring email address is being spammed.

[Pink]

I'm curious. I set up unique addresses for each and every forum I log in to. I have not had one single piece of spam on my current domain, until I signed up here that is.

I cannot find anywhere on here that my email address is publicly available. The only place I can see it is on my profile page in the email setting box.

Can anyone explain how my email address (unique to this board) has gotten into the hands of spammers?

Based on my quick look around and not seeing any publicly available copy of my email address (which I'm not repeating here by the way) I can come to only two conclusions.

• My email address has been sold by whoever runs this board.
• The board has been hacked and my email address stolen from the database.

Any thoughts anyone?

I will be changing my email address on here, killing off the old one and if I get another spam sent to my new unique address I will be leaving this community as I will not consider it secure.

[aegis]

you made your email address public on your profile.
profiles are visible to people who aren't logged in, afaik.

I'm guessing a spider crawled this site and found your email account.

[KaiserJ]

jobjol got attacked by haxors, if you use your email to log onto there, maybe that's what happened.

[Pink]

So why can't I see my email address when I view my profile?

My profile is set to not allow users to email me. I can't find any other option and I would NEVER turn on such an option. I do allow board admins to email me.

[Pink]

I don't have a jobjol login.

[Peet]

I get lots of spam to email addresses that don't even exist on both of my domains.

[Pink]

I don't have ANY spam normally, not one, until spring. I don't have a catch all account.

I explicitly set up each and every address by hand.

My profile settings are:
Users can contact me by e-mail: Yes [No]
Administrators can e-mail me information: [Yes] No
Allow users to send you private messages:
Note that administrators and moderators will always be able to send you messages. [Yes] No
Hide my online status:
Changing this setting wonÔÇÖt become effective until your next visit to the board. Yes [No]
Notify me on new private messages: [Yes] No
Pop up window on new private message: [Yes] No

I can't find any other options. And none of those even indicate that my email address would be public. Users would mean in my mind that you had to be logged in. Admins would be explicitly admins (again logged in).

I toggled the "Users can contact me by e-mail:" to see if that showed my email address on my profile or in my posts, but even that didn't seem to make my address available.

I'm not new to spam (I've been on the 'net' since 1994, dialup BBS before that). I've been through setting up spamassasin and numerous other anti spam measures as a system admin. I know how spam works. I can read headers and understand them, scan the boxes they come from and shut the damn things down when they are zombies in some cases.
I know how to report spam and when it's not worth bothering. I even have abuse and postmaster addresses on various of my domains in compliance with RFCs.

[zwzsg]

you made your email address public

Make private the default.

[tizbac]

Try to google your email address( i hope that at least you trust a bit google lol) and see results
they are where it has benn published

[Pink]

I can already tell you where it's been published. here and only here.
Every single forum I subscribe to, every site has a one of unique email addresss set up for it.

It can only have come from here.

So if the only explanation is a bot scanned here then the time it took for me to register and then go and adjust the defaults on the profile page was when it was scanned by a spider. That is possible, but it's a damn short time frame. We are talking minutes here.

[aegis]

Users can contact me by e-mail: Yes [No]
Administrators can e-mail me information: [Yes] No

forgot I fell under the latter option.
I'll check the server logs for anything suspicious.

[Pink]

I googled it anyway, for a laugh.

One page and that's only because it the women who set the page up (Dawn IIRC) has watched the same TV series as me and picked up on a certain phrase. Which was where my domain name came from.

http://www.nfsps.com/mo/sparemuleonline.htm

[Pink]

Users can contact me by e-mail: Yes [No]
Administrators can e-mail me information: [Yes] No

forgot I fell under the latter option.
I'll check the server logs for anything suspicious.

So you are saying that the default on this board is to make email addresses public to even non logged in users?

I would suggest you change that default. Please do.

And you are assuring me that if I change my address now that I've turned off 'users can email me' that it will not be available anywhere on this board other than to admins (unless I explicitly post it somewhere)?

[aegis]

Users can contact me by e-mail: Yes [No]
Administrators can e-mail me information: [Yes] No

forgot I fell under the latter option.
I'll check the server logs for anything suspicious.

So you are saying that the default on this board is to make email addresses public to even non logged in users?

I would suggest you change that default. Please do.

And you are assuring me that if I change my address now that I've turned off 'users can email me' that it will not be available anywhere on this board other than to admins (unless I explicitly post it somewhere)?

no, I was saying I forgot I could see your email because I was an administrator, and assumed anyone could see it.

users can't see your email by default.

can you tell me when you got the spam email (and possibly the sending server, which would be in the headers), so I can more easily check the logs?

[Pink]

Complete headers with email address in the X-Rcpt-To header obfuscated from the first spam I received.

Code: Select all

From - Mon Jul 13 20:39:32 2009
X-Account-Key: account3
X-UIDL: sm_00002644_ff8eb53433c14b9e8b6c375357f2468b
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <asmsrth@live.com>
Received: from mail.midasevents.com [174.37.194.112] by mail.uk1.lunarnetwork.net with SMTP;
   Sun, 12 Jul 2009 19:24:19 +0100
Received: from 77.211.228.140 [77.211.228.140] by midas.znetindia.net with SMTP;
   Sat, 11 Jul 2009 01:27:09 -0700
Reply-To: <asmsrth@live.com>
From: "Ena Gonzalez"<asmsrth@live.com>
Subject: MSD Lottery Award
Date: Sat, 11 Jul 2009 10:29:24 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Rcpt-To: <XXXXXXXXX@XXXXXXXXXXXtight.com>
X-SmarterMail-Spam: SpamAssassin 28 [raw: 14], SPF_SoftFail, DK_None
X-SmarterMail-TotalSpamWeight: 38

The next two...

Code: Select all

From - Tue Jul 14 19:55:37 2009
X-Account-Key: account3
X-UIDL: sm_0000270C_ff8eb53433c14b9e8b6c375357f2468b
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <postcodemg@aol.nl>
Received: from mirapoint7.brutele.be [212.68.199.151] by mail.uk1.lunarnetwork.net with SMTP;
   Tue, 14 Jul 2009 19:46:11 +0100
Received: from User (dhcp-077-248-023-059.chello.nl [77.248.23.59])
	by mirapoint7.brutele.be (MOS 3.10.3-GA)
	with ESMTP id KLH98333 (AUTH ale48378@teledisnet.be);
	Tue, 14 Jul 2009 17:42:21 +0200 (CEST)
Message-Id: <200907141542.KLH98333@mirapoint7.brutele.be>
Reply-To: <postcodewin@yahoo.com.hk>
From: "NL"<postcodemg@aol.nl>
Subject: Claims Requirements
Date: Tue, 14 Jul 2009 17:42:26 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Junkmail: UCE(51)
X-Junkmail-Status: score=51/50, host=mirapoint7.brutele.be
X-Junkmail-SD-Raw: score=bulk(1),
	refid=str=0001.0A0B0205.4A5CB04F.02B3,ss=3,pt=DBB_66867,fgs=12,
	ip=77.248.23.59,
	so=2008-09-22 23:22:13,
	dmn=5.7.1/2009-06-05,
	mode=single engine
X-Junkmail-IWF: false
X-Rcpt-To: <XXXXXXXXXX@XXXXXXXXXXXXXtight.com>
X-SmarterMail-Spam: SpamAssassin 19 [raw: 9.5], SPF_Neutral, DK_None
X-SmarterMail-TotalSpamWeight: 19

Code: Select all

From - Tue Jul 14 19:15:53 2009
X-Account-Key: account3
X-UIDL: sm_00002704_ff8eb53433c14b9e8b6c375357f2468b
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <postcodemg@aol.nl>
Received: from mirapoint3.brutele.be [212.68.199.148] by mail.uk1.lunarnetwork.net with SMTP;
   Tue, 14 Jul 2009 18:13:26 +0100
Received: from User (dhcp-077-248-023-059.chello.nl [77.248.23.59])
	by mirapoint3.brutele.be (MOS 3.8.7a)
	with ESMTP id AXU20382 (AUTH ale48378@teledisnet.be);
	Tue, 14 Jul 2009 19:11:46 +0200 (CEST)
Message-Id: <200907141711.AXU20382@mirapoint3.brutele.be>
Reply-To: <postcodewin@yahoo.com.hk>
From: "NL"<postcodemg@aol.nl>
Subject: Claims Requirements
Date: Tue, 14 Jul 2009 19:14:04 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Junkmail: UCE(51)
X-Junkmail-Status: score=51/50, host=mirapoint3.brutele.be
X-Junkmail-SD-Raw: score=bulk(1),
	refid=str=0001.0A0B0202.4A5CBCE3.0216,ss=3,pt=DBB_66867,fgs=12,
	ip=77.248.23.59,
	so=2008-05-01 23:44:25,
	dmn=5.7.1/2009-06-05
X-Junkmail-IWF: false
X-Rcpt-To: <XXXXXXXXXXXXXX@XXXXXXXXXXXXXXXXXtight.com>
X-SmarterMail-Spam: SpamAssassin 19 [raw: 9.5], SPF_Neutral, DK_None

[Hoi]

My email on this site is private and I have, after 3 years of using this email adress, no spam at all. Nothing.

[zwzsg]

Link Pink, I used a unique email address to register here, and like Pink, it's been spammed so much I discarded that email.

[SwiftSpear]

Hmmm, any administrator on the forums should have access to the email addresses, but I don't think an admin account can just pull the list of addresses off the forums, at least without a script to parse them or something, they are buried in the forum logic. How many people have database admin aegis? and is it possible any of those accounts are compromised?

[Regret]

Some botnets have power of several thousands (some way more) of infected PCs + todays average internet connection is quite fast. Don't be surprised to find spam on a email that you didn't even use. They can afford to spam whole domain names using random common word/number combinations as addresses.

[zwzsg]

No.

Because I don't receive spams from random word/number combinations I never used.