| ▲ | _ache_ 8 hours ago |
| I'm sorry, but that is not how email address are spammed in bulk. The data-source are the enormous data breach that are more and more frequent.
There is more intensive to collect more information on someone you already know something about than spamming an email you don't even know if it's a valid one. The spam can also be very more effective as it present itself with personal information about the spammed. |
|
| ▲ | curiousObject 8 hours ago | parent | next [-] |
| The OP put those addresses on that web page, and only on that web page. Some addresses received spam. Edit: that’s not to deny that big data leaks are a serious problem |
| |
| ▲ | _ache_ 3 hours ago | parent [-] | | I'm not denying that it happens.
I'm saying that it not the classical way to spam people nowadays. It's obvious to any non native english speaker, when you have a spam in english, it is because they toke the email from the web. When it's in you native language, it's usually from a data breach. I'm vastly more spammed by the later. I can confirm it with unique email addresses of the "+" form (but not with the + character). Also when I'm spammed in english, it's for Web3 crypto stuff and from a data breach it's a phishing attempt. | | |
| ▲ | notpushkin 2 hours ago | parent [-] | | I’ve run a small thingy last year, on its own domain, with a (project-specific) email in plaintext on the homepage. I’ve got a fair bit of spam to that address. But yeah, I’d say most junk mail is coming to (1) an address leaked from one Russian bank (!) I used, (2) the address listed in public business databases (I have a company in Estonia). |
|
|
|
| ▲ | 0x3f 6 hours ago | parent | prev [-] |
| If you're only passing the address in private to some service, you can just use [some-string-unique-to-that-service]@yourdomain.com. Or, more classically, plus addressing to do the same. Then you just block that recipient. That solution doesn't apply to the use case in the article. |
| |
| ▲ | GCUMstlyHarmls 6 hours ago | parent [-] | | Surely spammers just turn `me+leaked/sold@mail.com` into `me@mail.com` as well as `me+apple@mail.com`, `me+softbank@mail.com` etc. The cost of stripping any `+postfix` must be about zero even at volume. | | |
| ▲ | 0x3f 6 hours ago | parent [-] | | Some people block all mail to non-plus-addressed emails on that inbox, so a plus address is required to be received at all. You could say then spammers will just add a random one, but they wouldn't be getting bounces and would have to guess as much. Still, even stripping the +'ed part is beyond what most of them even bother to do. That dropoff plus normal spam filters works well enough. |
|
|
