

Ask HN: A business sold my email. What can I do about it? - sbeckeriv

I have used the + feature in gmail for a while now. I finally received spam from one of these emails. I bought something on mace.com 4 years ago and today I received an email from NewYorkLife.com acarapezza@ft.newyorklife.com via mailchimp to the same address.<p>I reported as spam to mailchimp. I told gmail it was spam. I also emailed mace&#x27;s support address asking them to remove me from the list emails they are selling. Searching google I see lots of suggestions to use the + feature but never what to do after catching someone using it.<p>Is there anything else I can do about it?
======
jewel
I do the same thing, but instead of plus addressing I give each vendor a
unique email at my domain. I now receive spam on my mint, geico, tumblr,
lendingclub, disney, adobe, and dropbox addresses. In my case it's always
outright spam instead of something remotely legitimate.

Your situation seems different than mine. I think my addresses were taken
during a security breach instead of being sold by the company.

In my case I just change my address with the company to dropbox2@, and block
the original address.

I also have a friends-and-family email address that isn't published anywhere
online that finally started receiving spams. I think it was taken from a
neighbor's address book in hotmail when he got phished.

I think a possible long-term solution would be for everyone to have a unique
address for everyone else. The email software would auto-negotiate a unique
address after your first communication with the person, creating a pairing
similar to a friendship on a social network. I'm getting off-topic, but here's
a link explaining what I mean a bit more:
[http://stevenjewel.com/2014/02/clearskies-
chat/](http://stevenjewel.com/2014/02/clearskies-chat/) (It's about
decentralized IM instead of email, but the same antispam technique would work
for either.)

~~~
nitrogen
_In my case I just change my address with the company to dropbox2@, and block
the original address._

I suspect some spambots just try common dictionary and business words at
domains with valid MX records.

~~~
jewel
I don't think so. Here is my experience so far. For background, I don't run a
spam filter at all and host my own mail on a enterprise fiber line that's
unlikely to have ISP-level filtering. (If they do have it, it's terrible,
since it doesn't even block email that has a certain product targeted at males
mentioned in the subject line and spelled correctly.)

I've only seen what would be considered dictionary attempts for four
addresses, info@, admin@, sales@, and support@ but only on a few of the
domains.

A few years ago I started getting spam at random hexadecimal addresses at two
of my domains, such as 72da48ba6@, about two spams per address per day. There
turned out to only be ~ 800 unique addresses that were targeted, and so it was
easy to block. What I think happened is this case is a address-to-spam-list
creator padded his lists manually before selling them to make the list size
bigger. I still get email at those 800 addresses, but no new hexadecimal
addresses since I blocked the original set.

~~~
stevekemp
I have a different explanation for the hexadecimal addresses.

I get maybe 30 a day, from numerous sources, and they actually turn out to be
legitimate message-IDs which were generated by my host when replying to public
mailing-lists.

I think some kind of automated spider decided they were mail addresses.

~~~
jewel
Oh, I hadn't thought of that. That makes perfect sense.

------
ehPReth
I use a random email alias on a domain I own for each company I deal with.
Generate one, throw in a database. For example: HN could be
8o0yxfkzleeftylr3dmb@example.com.

When I get incoming spam I can look up who the address is assigned to, cut off
the alias and then take further action such as notifying the company, giving
them a new email, or cutting ties with them.

I don't bother with retribution (would take too much time) -- if the company
is unwilling to acknowledge the incident or it happens multiple times I cut
the cord and move on.

------
puredemo
You could basically file suit, not sure it would be worth the time and effort
though.

Hell, even a $500 small claims court suit might make for a good option.

~~~
sbeckeriv
Does some offer this as a service yet?

~~~
puredemo
Your local courthouse?

------
sbeckeriv
Follow up: After some back and forth with support they are forwarding it to
the "webmaster". They do not sell emails so no small claims. I will be
following up with them.

Thanks!

------
tonteldoos
I doubt it'll be worth your time trying to get something out of it. My
experience is that they'll say sorry, and keep on doing it anyway.

Depending on how often they sell the info, you can just change your address
with them, and permanently scuttle the original address (saves you from having
to look at spam, etc).

~~~
tonteldoos
Forgot to mention - if they'd sold it once, they probably sold it more than
once - you just haven't received mail from anyone else yet. Even more reason
to just scuttle the address now.

If more people do this, then hopefully selling information like this will
become less lucrative over time.

~~~
sbeckeriv
I assume they sold my email. I have no supporting evidence that they did. I
did receive an email back from support saying they don't sell email addresses.
I replied with more information.

I did just noticed 5 days before I received spam to the same email address
from

Copyright © 2014 Amazon.com Best Sellers, All rights reserved.

Our mailing address is: Amazon.com.bestsellers@gmail.com

