Who has your personal information?

Be careful about giving your information out for sweepstakes.

I signed up for some sweepstakes hosted by Peel.com on May 6, 2003. Like I always do, I gave them a tagged (unique) address, so I could tell how my address was used (or misused) later. Flash forward a few years. I've since moved, and am not running my own mail server at the moment. I'm still getting tons of spam every day, and occasionally I want to search through it for various things, so I forward the spam into one of a couple different Gmail accounts. I check them periodically, weed out any non-spam with forwarding rules and so forth, and keep an eye out for anything that looks interesting.

Which brings us back to Peel.com. From September 20th thru October 8th, I've received 22 spams to the address I gave only to Peel.com. Personally identifiable information in the mails reinforces my belief that whoever is sending me this mail has access to all the information I gave out when signing up for this sweepstakes.

The messages do not identify themselves as a commercial advertisement, do not contain the postal address of the sender, and do not include a mechanism to opt-out. These are all clear violations of the US CAN-SPAM law. None of the company or companies behind the mail haven chosen to identify themselves. Each of the 22 messages has a different sender, a name of an individual, which I suspect is false.

Links in the messages seem to drive to various sites hosted on Geocities. I haven't clicked on the links to find the actual destinations.

The subject lines are a combination of the nonsensical and deceptive. Examples: "Bad info on your Experian Credit Score", "Shipment Info", "Superintendent was just suspended from work", "Credit score resolution submitted", et cetera. The source IPs are from the UK, Australia, China, and other places. I assume they're infected computers on broadband connections.

This is a perfect example of how NOT to handle customer or recipient data. I don't know if Peel.com is behind the sending of this mail, or if they are just list brokers that sell the captured data to whoever can afford to pay, or what. If this is a situation where Peel.com is feeding this data to a co-reg list broker, then we've got the perfect example of why you shouldn't ever buy a co-registration list, because the recipients on these lists are already probably receiving deceptive messages, and your messages are not likely to be any more warmly received.

Let's be clear. I don't even know who is sending these messages. All I know from the data I have in my inbox is that I'm getting spams to an address that I gave only to Peel.com, and it contains information that I reasonably believe that I gave only to Peel.com. I have no idea what happened to it from there, but whatever happened, there seems to be a connection between me submitting my personal information to a web form on Peel.com and me now receiving deceptive mail routed through computers overseas.