Cool idea (does it exist?) - Find websites that sell your email address

[mouser]

Martin over at ghacks has a blog post up today about a tool that can scan (spider) a website and look for any pages that might be displaying your email address.

This can be useful to help you figure out if a forum is somehow showing your email when you post, etc.

But it got me thinking..

People always wonder if a site like DC, which tries hard to encourage people to sign up at our forum and newsletter, is actually doing this in order to collect emails to sell to spammers, etc.  I can say (and do on various pages on the site) unequivocally that this is something we don't do, will never do, and take very seriously.  We don't share the emails of our members with anyone, ever, for any reason.

But how do you know? And what about other sites?

What would be good is a website whose only purpose was to register at other websites, using a UNIQUE email address given ONLY to that website, and then monitored and reported if that email was ever used in any email(spam) from someone OTHER than the original website.

Are you following me?

So for example the website would have a chart that looked like this:

Original Website Where Email Address was Submitted	This Email Subsequently Received Spam From	Date of First/Last Foreign Spam
MyFaceSpace dot com (Jan 2004)	SellYourHomeForFiveDollars dot com, civigrathemagicmedecine dot com	Jan 2004 / Dec 2009

This would be a site that people could visit to check to see whether a website was selling email addresses of its users and could be really helpful.

--

Does such a web service already exist?

[Deozaan]

That's a great idea!

I signed up for an account at a site that said it didn't share my info with anyone and now I'm getting spam to that address. I know it was from them because in my gmail account I set up a dummy [username]+[SiteIsignedUpFor]@gmail.com

so for example, if my e-mail username was billybob and I signed up at somedumbsite.com, I'd do something like billybob+somedumbsite  ( at ) gmail.com

Now I'm occasionally getting spam to that e-mail address. To make matters worse, I e-mailed the site asking for more info about their privacy policy and why I'm getting spam from them and they never replied. What makes it most sad is that I've carefully protected that e-mail address for over a year and this is the first and only spam I get in it. Not counting e-mail from Xara, who won't unsubscribe me from their "special offers" list after I bought X1 from them some time ago.

[PhilKC]

Sounds a bit like something McAfee do; SiteAdvisor. It gives some basic stats about how 'nice' websites are, examples follow:

http://www.siteadvis...es/donationcoder.com
http://www.siteadvis....com/sites/bbc.co.uk
http://www.siteadvis...m/sites/slashdot.org

Phil

[mouser]

siteadvistor is a very nice service - i didn't remember they had something very close to my email testing idea(!)

so they do track emails received.. though they seem to do it on a somewhat ad hoc basis.. many sites they dont seem to report email results.  also i don't know how careful they are about using different domain names when signing up to prevent being filtered out.

does seem like they had the same idea though. 

[Deozaan]

Hmm, I just used siteadvisor to check out the site I complained about giving me spam and it says the site is okay. But it doesn't have any e-mail results yet.

[superboyac]

That's a great idea mouser.  A unique email for each site that can be tracked.  How would you do this, though?  You'd have to create an individual email address for each site, and then you'd have to go through the whole verification process with address, phone number, that random word verification test at the end, and so forth.  It would be hard to automate such a thing.  but if you could, that would be very useful.

[BuBBy]

I use sneakemail.com  -  case in point
http://www.giveawayo...om/forums/topic/1294

[VSiAQ]

I would highly recommend spamgourmet - http://www.spamgourmet.com/ 

Protect yourself from spam in three easy steps:

1. If you haven't done it yet, create a spamgourmet account. Enter your user name and the email address you want to be protected. You will be asked to identify the word in a picture and pick a password.

2. Spamgourmet will forward to this address all the emails sent to your spamgourmet disposable addresses -- that way you don't have to tell anyone else what it is -- this is why it's called the protected address. Of course, this protected address must exist. That's why you have to confirm it. You'll receive an email asking you to confirm.

3. After you have confirmed your protected address, you can give out self-destructing disposable email addresses whenever you want. The disposable addresses are like:

[email protected]

where someword is a word you have never used before, x (optional) is the number of email messages you want to receive at this address (up to 20, and the number 3 will be used if you leave it out), and user is your username.

For example, if your user name is "spamcowboy", and BigCorp wants you to give them your email address (on the web, on the phone, at a store - it doesn't matter), instead of giving them your protected address, give them this one:

[email protected]
(and [email protected] will work the same way)

This disposable email address will be created here the first time BigCorp uses it (you don't have to do anything to create it), and you'll receive at most 3 messages, forwarded to your protected address. The rest will be indelicately consumed.

[mouser]

there are a lot of disposable email services.
but i think it would be much more useful to have a way of knowing which websites are selling their email lists, as a way of deciding which websites you should trust.

[Carol Haynes]

True - disposable addresses are only really an interim solution.

The other problem is not "who can I trust" but also "how long can I trust them"? Successful websites/web businesses seem to be sold on with increasing vigour these days. Not surprising really if you suddenly get offered a lot of money. Once it changes hands there is no way of know how the new owners are going to try and recoup their costs.

I trust Mouser implicitly with privacy on DC but if a big firm came and offered him $10m he might have pause for thought!

[mouser]

It's a good point carol.  In fact in the corporate world this "trick" is employed so much it's kind of sick.  If a company's reputation suffers too much or they need to do something against previous promises, OR if the CEO massively embezzles stockholder funds, the solution is usually to change the name of the company, merge into another company, or replace the CEO and say "that was the old Company X, we are now company Y and we don't have any obligations or responsibilities based on what company X did.  Quite a nice scam they have going.

Anyway, no big business has ever contacted me expressing interest in buying DC and it seems very unlikely that something like that will ever come up. DC doesn't make enough for anyone to care, and i don't want to sell it.  I have too much fun with you guys.  If anything, I think there is a good chance DC will apply for official non-profit status in the future.

But the main thing protecting you from such an event is that this is a community site -- no big changes will be made without consulting with you guys first and getting approval.  Your email is your own, we have never shared member emails with anyone and won't.

[Renegade]

Don't be so sure that just because you sign up at a site that they are spamming you or selling your email address to spammers.

I've got a domain with 1 email address. I have NEVER used the email address except at that site and it's not publicly available unless you sign up, in which case you get an email from it. But even before 1 person had signed up, I was getting spam through that address.

One of the most common ways (and indeed the best way) to gather email addresses is through bots on a computer. Once you've got an infected client, you search through their email client for addresses. All these addresses (mostly) are guaranteed to be real people or at least live addresses. You don't need to clean them either, e.g. removing 'dontspamme' from [email protected].

In short, if you use an email address, you WILL get spam because the people you send email to will eventually expose your address to spammers. It's only a matter of how long it is before you start getting spam.

Ok - enough of that - here's a brain fart...

Imagine an experiment where several people sign up for domain names then get email addresses at them. The email addresses are obviously not in any spam list if chosen properly, e.g. [email protected], [email protected], [email protected], [email protected], [email protected] and others like those are obviously already going to be spammed. But '[email protected]' or '[email protected]' are unlikely to be in that list. So... Everyone emails each other at least once, an perhaps uses an automatic program to send everyone in the experiment an email once a month (or whatever). How long is it before those addresses start getting spam? Can you track the source? Does everyone use a different email address for everyone else and the server uses forwarding to help track it, e.g. mouser has '[email protected]' to send email to me, but Ralf Maximus has something like '[email protected]' to send email to me.

Too much trouble to setup really, but it would be interesting to know.

[markfarrar]

I used to use SpamGourmet a lot, but I'm finding more and more sites that I want to subscribe to (e.g. to get free offers, reports) are refusing to accept email addresses from there, and from other disposable services too (e.g. http://www.jetable.org/).

[IQLover]

What would be good is a website whose only purpose was to register at other websites, using a UNIQUE email address given ONLY to that website, and then monitored and reported if that email was ever used in any email(spam) from someone OTHER than the original website.
....

Does such a web service already exist?

-mouser (October 25, 2007, 01:20 PM)

Hi Mouser,

I know this Problem for a long time and that's why i ALWAYS use so called disposable email-addresses 2 sign up with any sites! Mostly I use addresses from SpamGourmet.com NOW, I don't know if a website like you write about does exit but I can definitelly report 2 Sites that are selling members email-adresses (or mey be just do not protect them well enough):

1) Steekr.com
2) Joost.com

Hope this helps ...

[stylecrime]

I host my own domain + email server, so it may be easier for me to do this than for other people, but I create aliases for my actual email address based on the names of the web sites I need the address for.

To explain:

My real address is [email protected].  If I'm registering at dodgysite.com, I create an alias, [email protected], and register with that address.  If, at any point in the future, I start getting spam addressed to [email protected], I not only know which site leaked my address, but I can just delete the alias and the spam stops!

[mouser]

all these ideas about ways to prevent being inundated by spam by using different email addresses are good ideas, no doubt about it. and surely we will see more developments in this area in the future.

however i should just point out that i'm really talking about something completely different -- a way to figure out which sites are trustworthy in general by seeing which sites share the email addresses of members.

[Renegade]

I host my own domain + email server, so it may be easier for me to do this than for other people, but I create aliases for my actual email address based on the names of the web sites I need the address for.

To explain:

My real address is [email protected].  If I'm registering at dodgysite.com, I create an alias, [email protected], and register with that address.  If, at any point in the future, I start getting spam addressed to [email protected], I not only know which site leaked my address, but I can just delete the alias and the spam stops!

-stylecrime (November 09, 2007, 12:48 AM)

Unfortuneately, this isn't always the case. If you get a virus - that theory is out the door. If you accidentally send an email to someone from that address, again, it's out the door.

Spammers also have tools to make up addresses that are likely to hit.

The problem is that so often you just can't know with certainty about these things. You can gain confidence in a conclusion, but proof/truth is elusive.

Using the alias is certainly a very good idea though! A friend of mine used to do that years ago with Bigfoot when Bigfoot was new. That was the first time I'd heard about the tactic. Still works today!

[dlagesse1992]

Yeah, SiteAdvisor (kind-of?) does what you're thinking of. Well, at least is integrated, and easy to check before you do anything...
As for signup on sites, I have a spam email address and use BugMeNot whenever possible. DC, for instance, is a trusted site, so gets my real address, but that might not be trustworthy goes to spam.