Today, for the 1st time, I got a spam email (not related to Avast) on an email address I have provided ONLY to Avast (both for registration purposes and for this forum). This email address is hidden on this forum, so it’s not (supposed to be) publically available.
I see someone posted something similar awhile back:
I am pretty disappointed in getting spam on an email address provided to a company that makes a security product I pay for.
Anyone care to comment? The situation is the same as the above post - the email address is VERY VERY unlikely to have been guessed in a dictionary attack - someone likely has sold or stolen the email address from Avast or from this forum.
This is certainly disturbing, even though I’m not quite sure how it could happen.
Where is the mailbox hosted – your ISP? Couldn’t it be relayed to all mailboxes on the ISP?
I’ve seen mails where my mail wasn’t even listed under recipient, yet i also got the spam mail. I guess sometimes spammers just try to guess addresses and send them randomly. And out of many that fail to be send, they probably hit some properly.
there’s been an issue recently with the registration form in V5/free, and servers sending mails. I didn’t get any, but many did. Think it was related to an Avast mailing list…
Presumably you read the whole topic that you gave the link to and there are many reasons why you can get spam on an email that you only use for one purpose. As I said in that topic, I get spam on an email address that has never been used, so who should I hold to account ???
I will re-read it to check for other possibilities; but the fact that my email address is a pattern that would be so unlikely to guess by means other than by getting it from the source makes me doubtful it was gotten any other way.
In my entire life of using “tagged” email addresses, one per company, website or organization I give it to, only about 3 (out of hundreds, if not thousands) have resulted in spam to that tagged email address. United Airlines was one, so even the big guys are not immune (indeed, a bunch of other people had the same problem, and were considering a class action lawsuit). The others were sketchy companies to begin with (eg. VistaPrint).
Several years ago, I created a new email address with the local ISP I was using at the time. Usually, it would take about 30 minutes for the system to activate the email address. When I tested accessing the account for POP3 and SMTP use about 45 minutes after creating it, there were already 3 spam messages in it. No one but the ISP beside myself even knew about this address. Inside job was the only explanation. It was likely that some employee at the company with access to the mail servers were placing them locally. Could have been compromised servers though.
Yes, there’s always the chance that anyone in the stream between myself and the Avast! people themselves (including their ISP/hosting company, forum moderators or other people involved in supporting their websites and managing their mailing lists) may have nabbed it. Unlikely that it was my ISP or a common man-in-the-middle attack, though, since it is EXTREMELY RARE that this happens. SO rare, that it implies to me that it’s someone on the side of the organization I gave the email address to.
I don’t create email accounts, anyway - ALL email of ANY address goes to my domain email box, and from there I sort it as I see fit. I sort those matching the pattern I use for emails provided to 3rd parties into a mailbox just for those (using procmail filters), so it’s really easy to catch if something appears that isn’t from the company I gave it to. In any case, there is nobody on my side that has anything to do with email accounts - it’s just a SOMENAME@MYDOMAIN.COM address, and I do whatever I want, based on SOMENAME.