Skip to content

Top Best Ask Show New Jobs

Ask HN: A business sold my email. What can I do about it?

11 pointssbeckeriv11y ago13 comments

I have used the + feature in gmail for a while now. I finally received spam from one of these emails. I bought something on mace.com 4 years ago and today I received an email from NewYorkLife.com acarapezza@ft.newyorklife.com via mailchimp to the same address.

I reported as spam to mailchimp. I told gmail it was spam. I also emailed mace's support address asking them to remove me from the list emails they are selling. Searching google I see lots of suggestions to use the + feature but never what to do after catching someone using it.

Is there anything else I can do about it?

13 comments

11 comments · 5 top-level

jewel11y ago· 2 in thread

I do the same thing, but instead of plus addressing I give each vendor a unique email at my domain. I now receive spam on my mint, geico, tumblr, lendingclub, disney, adobe, and dropbox addresses. In my case it's always outright spam instead of something remotely legitimate.

Your situation seems different than mine. I think my addresses were taken during a security breach instead of being sold by the company.

In my case I just change my address with the company to dropbox2@, and block the original address.

I also have a friends-and-family email address that isn't published anywhere online that finally started receiving spams. I think it was taken from a neighbor's address book in hotmail when he got phished.

I think a possible long-term solution would be for everyone to have a unique address for everyone else. The email software would auto-negotiate a unique address after your first communication with the person, creating a pairing similar to a friendship on a social network. I'm getting off-topic, but here's a link explaining what I mean a bit more: http://stevenjewel.com/2014/02/clearskies-chat/ (It's about decentralized IM instead of email, but the same antispam technique would work for either.)

nitrogen11y ago

In my case I just change my address with the company to dropbox2@, and block the original address.

I suspect some spambots just try common dictionary and business words at domains with valid MX records.

jewel11y ago

I don't think so. Here is my experience so far. For background, I don't run a spam filter at all and host my own mail on a enterprise fiber line that's unlikely to have ISP-level filtering. (If they do have it, it's terrible, since it doesn't even block email that has a certain product targeted at males mentioned in the subject line and spelled correctly.)

I've only seen what would be considered dictionary attempts for four addresses, info@, admin@, sales@, and support@ but only on a few of the domains.

A few years ago I started getting spam at random hexadecimal addresses at two of my domains, such as 72da48ba6@, about two spams per address per day. There turned out to only be ~ 800 unique addresses that were targeted, and so it was easy to block. What I think happened is this case is a address-to-spam-list creator padded his lists manually before selling them to make the list size bigger. I still get email at those 800 addresses, but no new hexadecimal addresses since I blocked the original set.

puredemo11y ago· 2 in thread

You could basically file suit, not sure it would be worth the time and effort though.

Hell, even a $500 small claims court suit might make for a good option.

sbeckerivOP11y ago

Does some offer this as a service yet?

puredemo11y ago

Your local courthouse?

tonteldoos11y ago· 2 in thread

I doubt it'll be worth your time trying to get something out of it. My experience is that they'll say sorry, and keep on doing it anyway.

Depending on how often they sell the info, you can just change your address with them, and permanently scuttle the original address (saves you from having to look at spam, etc).

tonteldoos11y ago

Forgot to mention - if they'd sold it once, they probably sold it more than once - you just haven't received mail from anyone else yet. Even more reason to just scuttle the address now.

If more people do this, then hopefully selling information like this will become less lucrative over time.

sbeckerivOP11y ago

I assume they sold my email. I have no supporting evidence that they did. I did receive an email back from support saying they don't sell email addresses. I replied with more information.

I did just noticed 5 days before I received spam to the same email address from

Copyright © 2014 Amazon.com Best Sellers, All rights reserved.

Our mailing address is: Amazon.com.bestsellers@gmail.com

ehPReth11y ago

I use a random email alias on a domain I own for each company I deal with. Generate one, throw in a database. For example: HN could be 8o0yxfkzleeftylr3dmb@example.com.

When I get incoming spam I can look up who the address is assigned to, cut off the alias and then take further action such as notifying the company, giving them a new email, or cutting ties with them.

I don't bother with retribution (would take too much time) -- if the company is unwilling to acknowledge the incident or it happens multiple times I cut the cord and move on.

sbeckerivOP11y ago

Follow up: After some back and forth with support they are forwarding it to the "webmaster". They do not sell emails so no small claims. I will be following up with them.

Thanks!

j / k navigate · click thread line to collapse