[Politech] Charles Platt on spam from Yahoo? or not? [sp]

From: Declan McCullagh (declan@private)
Date: Wed Oct 15 2003 - 05:35:19 PDT

  • Next message: Declan McCullagh: "[Politech] Court rules attaching GPS bug to cars requires warrant [priv]"

    [Another explanation is that spammers are employing a dictionary attack. 
    Without knowing what email address Charles obtained we don't know, but it's 
    conceivable that if he was lucky enough to get, say, charles100@private, 
    it would be trivially discoverable by spammers who send to charles1@, 
    charles2@ until they get a bounce. This is another reason to avoid msn.com, 
    yahoo.com, aol.com, and preferably buy your own domain name. --Declan]
    Date: Mon, 13 Oct 2003 01:29:11 -0400 (EDT)
    From: Charles Platt <charles@private>
    To: Declan McCullagh <declan@private>
    cc: Charles Platt <charles@private>
    Subject: Spam via Yahoo?
    OK for politech or any other public list.
    Here's the chronology. Times are approximate.
    10pm October 12: Set up a webmail account from scratch. No
    one in the world knows the address that I just invented. I
    have used this webmail provider for other email addresses in
    the past, and I don't think they share customer data. I never
    received any spam at those previous addresses.
    11pm October 12: I provide personal data (including my email
    address and birth date) to Yahoo when I register for one of
    their services. Check their privacy policy, which is full of
    evasions. With extreme difficulty, locate their "opt out"
    page which has already autosubscribed me to about fifteen
    junk newsletters and other promotional materials. The user is
    not shown this page by default. The naive user will be
    deluged with crap before (s)he ever figures out what
    Hit all the "No" boxes. Submit my preference. A message warns
    me, "Your changes may take five days to take effect." FIVE
    DAYS? This is inexcusable--but is long enough for Yahoo to
    sell my email address to numerous "business partners," no
    Midnight October 12: Check my new webmail account. Yahoo is
    still the only entity in the world that knows this address
    (or should be). But already here is my first piece of spam.
    Porno spam, as it happens. Something about "women performing
    acts on the farm."
    Noon October 13: Try to find a way to complain to Yahoo. They
    have many options to enable (and encourage) complaints
    against "outsiders" who send spam to Yahoo's internal system
    of user mailboxes. Of course Yahoo deplores such a violation;
    it steals their disk space and makes no money for them. But
    they have no option for me to complain against spam that
    seems to originate via Yahoo itself and ends up in my mailbox
    outside their system. Presumably Yahoo denies that such a
    phenomenon exists. I send a general complaint anyway. No
    reply yet.
    10pm October 13: Three more pieces of spam in my new mailbox,
    one of them advertising penis enlargement.
    Recently I read that Yahoo is increasing its revenues. I now
    have a clue about the way in which this miracle may have been
    PS. I used Ad-aware to clean my hard drive, then visited
    Yahoo, then ran Ad-aware again, and it found a couple of new
    files which it suggested I should place in quarantine.
    Perhaps there is an explanation that exonerates Yahoo from
    playing fast and loose with my contact info. If so, I'd love
    to hear it.
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)

    This archive was generated by hypermail 2b30 : Wed Oct 15 2003 - 06:18:18 PDT