DNSStuff Leaking Addresses?

I've talked about my issues with DNSStuff previously, but today, I've run across a new issue. It looks to me as though somehow, email addresses given to DNSStuff are ending up in the hands of a spammer.

On May 16, I received mail from somebody called "CMS Insider," from a Romanian IP address (, sending me "Webmasters Newsletter - Joomla Upgrade 1.5.17 and other CMS news."

I reported it as spam, while grumbling to myself, wondering how they came to have my Gmail address - I rarely post it publicly, though it's also not that secret. I figured I'd never find out how they got it.

A few days later, my friend Evan mentioned that he received the same spam. In his case, he received it at a unique (tagged) address that he gave only to DNSStuff. He showed me a screen shot of everything received at this address, and the only other messages were periodic mailings from DNSStuff. He gave them his email address during registration, necessary to use some part of their site.

I looked back in my email address to see what address I used to register with DNSStuff, and lo and behold, it was my Gmail address. This is very compatible with a hypothesis that addresses given to DNSStuff are somehow reaching this CMS Insider spammer.

Maybe DNSStuff didn't do this on purpose. Maybe it was a data breach of some sort. (There's been too many of those lately.) Either way, I'm not too happy, as now I've got another email address out in the wild, in the hands of spammers. Yuck.


  1. I've just had a spam email sent to a tagged dnsstuff-only email address too, seems like the data breach theory is correct.

  2. Add two more tagged email addresses to that list.

  3. It looks like they're selling addresses; I signed up with a unique address, and didn't pay for any services (only used the free options). Lo and behold, a few weeks later it started getting spam to that account only.


Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.