SpamBastard–1aauto.com

I had an application idea at one time and actually finished writing it, but ended up never doing anything with it once it was live.  It was spambastard.com and its purpose was to catch companies that would sell, lose, or otherwise mishandle your email address info.  The concept was simple.  You sign up for their site using their domain name @spambastard.com and if any email comes in with a mismatch between the FROM domain name and the TO domain name (as the username, before the @), the email address would be considered compromised.

That domain and application is long dead, but I’ve been able to replicate the same concept with my personal email domain.  That eliminates the hassle of creating a second account for every site I sign up for (one with my real email and one with a spambastard email).  To date, I’ve only had a few cases where I’ve had to take action.  Those cases are:

  • albumartexchange.com – There are many people including myself who posted on their forum and complained that they received PayPal phishing emails to their unique email address.  The website did not respond.
  • lakelandlelectric.com – That debacle was chronicled already.  The utility company did follow up with an explanation of how it happened and how the process was unfortunately legal.  They said they would push for tougher laws on keeping customer information private.  This prompted a follow-up email from the spammer who was incredulous that government would try to reduce transparency.  See, transparency is only good when it works in your favor.
  • paypal.com – This got compromised after only nine people knew of its existence.  Whether it was sold or stolen, I don’t know for sure, but I am pretty confident that some eBay seller has a compromised account and a spammer is looting their customer list.

Now we can add to the list – 1aauto.com.  I placed an order with their site in January (remember when the punks broke the mirror off my car?).  Today, I get a political email from John Kasich’s New Day For America to that email.  So I immediately send a message to 1aauto.com saying they’ve either sold or given away my info or their customer database has been hacked.  So which is it?  I got a pretty quick response.

Hello and thank you for your email.

I do apologize that you received a spam email to your account. I can assure you that your information is secure and we have not experienced any kind of hacking. We do keep our customer information confidential and secure and have several measures put in place to prevent against fraud and stolen identity.

Thank you for notifying us. We will keep tabs on this and look into what we can do to prevent this from happening in the future.

So, I guess the answer is the owner sold out his customers to promote his choice of political candidate.  The fact that this happened at all negates the statement “We do keep our customer information confidential“.  As far as what they can do to prevent it from happening in the future, that’s simple.  Don’t do what you did again.

Thanks to spam law requirements, the spam email footer confirms the email address that it was sent to.  It tells me that I was added to the list on 2/24/16 via opt-in (gee, I don’t remember that), and gives me ways to unsubscribe.

There’s no sense in unsubscribing.  The email address is out in the wild and is now worthless.  Do I want to spend my life unsubscribing from every email campaign that gets that email or do I want to kill off the email?  The choice is pretty simple.

This scenario makes me pity people who only have a single email address, like @gmail.com or @outlook.com or @yahoo.com.  They don’t have the option of closing their account or changing their address.  Consider how easy it is for me, every email (except my personal email) is known to exactly one company.  Email gets compromised, only one place to change it.

Comments are closed.