Email Append and New Domain Spam

Spam to a new domain isn't uncommon. Lots of spammers comb whois, search the web, scrape forums, looking for any domain they can find, and then they try mailing to variations of made up addresses at that domain to see if they get through to a real live mailbox. So, setting up a new domain, and catching all email to the domain, this invariably means that very soon after creation, I'm likely to get 200 pieces of the same spam, addressed to different made-up address variations.

But this time around, it's happening a little bit differently.


My wife and I decided to put up a website with a few pictures from our recent marriage. We registered a new domain for that purpose, in the last few days of 2008. Fast forward to a few days ago, and I set up mail forwarding for the domain. A catch-all address (anything@domain) to see what would come through, and to prepare to use the domain to receive emailed RSVPs to our upcoming reception.

They very first email to come through wasn't your typical spam. It looks like it was sent by an email service provider, and it looks like somebody trying to reach a person named William. The message seems to be "legitimately" coming from daytimer.com, and it's telling William about his "Day-Timer® Refill Reminder." I assume this some sort of Franklin planner-like thing, sold by Day-Timer, a division of ACCO brands.

So how do they have this address? How do they even know about this domain? This guy William is apparently a real customer of theirs. But how do they think I'm him?

I have a theory, and it goes like this. First, I register all my domains with my Chicago office address. Next, my office is in a mixed use building, with a large number of apartments, in addition to the offices and retail. Any time you have a large enough apartment building, you get companies who have had some guy living at some address in that building at some point in time. So, my guess is, William, or somebody with the same name, lived in that building at some point in recent history.

Then add email append into the mix. When email append is done badly, as it almost universally is, sometimes people will be happy to take an "address match" or "household match." Meaning they'll be happy if they match a person based on their street address, instead of matching their name (and gee, maybe even getting permission to mail that person). So, my theory is that perhaps this company is buying whois (domain ownership data), or working with an email append company who uses it, and they noticed this new domain, matched it to an offline record (a customer record where the customer did not give them an email address), and decided that this must be our guy William, so they dropped in an address at our new domain and called it a match.

If that's what happened here, it highlights how useless email append is. William isn't getting his valuable message - I am. It's spam to me (and honestly, it would be spam to William, too), because the owner of the email address didn't proactively opt-in to receive this messaging. It's perfectly legal spam, but spam nonetheless.

For now, I've blocked the address they're using, we'll see if it bounces and they remove the address. After a while, I'm going to call it a spamtrap and feed it straight into a spam filter. I've also reported it via a couple of the various spam reporting conduits, seeing if anyone finds the information useful for blacklisting or other stuff.

No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.