[Another explanation is that spammers are employing a dictionary attack. Without knowing what email address Charles obtained we don't know, but it's conceivable that if he was lucky enough to get, say, charles100@private, it would be trivially discoverable by spammers who send to charles1@, charles2@ until they get a bounce. This is another reason to avoid msn.com, yahoo.com, aol.com, and preferably buy your own domain name. --Declan] --- Date: Mon, 13 Oct 2003 01:29:11 -0400 (EDT) From: Charles Platt <charles@private> To: Declan McCullagh <declan@private> cc: Charles Platt <charles@private> Subject: Spam via Yahoo? OK for politech or any other public list. Here's the chronology. Times are approximate. 10pm October 12: Set up a webmail account from scratch. No one in the world knows the address that I just invented. I have used this webmail provider for other email addresses in the past, and I don't think they share customer data. I never received any spam at those previous addresses. 11pm October 12: I provide personal data (including my email address and birth date) to Yahoo when I register for one of their services. Check their privacy policy, which is full of evasions. With extreme difficulty, locate their "opt out" page which has already autosubscribed me to about fifteen junk newsletters and other promotional materials. The user is not shown this page by default. The naive user will be deluged with crap before (s)he ever figures out what happened. Hit all the "No" boxes. Submit my preference. A message warns me, "Your changes may take five days to take effect." FIVE DAYS? This is inexcusable--but is long enough for Yahoo to sell my email address to numerous "business partners," no doubt. Midnight October 12: Check my new webmail account. Yahoo is still the only entity in the world that knows this address (or should be). But already here is my first piece of spam. Porno spam, as it happens. Something about "women performing acts on the farm." Noon October 13: Try to find a way to complain to Yahoo. They have many options to enable (and encourage) complaints against "outsiders" who send spam to Yahoo's internal system of user mailboxes. Of course Yahoo deplores such a violation; it steals their disk space and makes no money for them. But they have no option for me to complain against spam that seems to originate via Yahoo itself and ends up in my mailbox outside their system. Presumably Yahoo denies that such a phenomenon exists. I send a general complaint anyway. No reply yet. 10pm October 13: Three more pieces of spam in my new mailbox, one of them advertising penis enlargement. Recently I read that Yahoo is increasing its revenues. I now have a clue about the way in which this miracle may have been achieved. --CP PS. I used Ad-aware to clean my hard drive, then visited Yahoo, then ran Ad-aware again, and it found a couple of new files which it suggested I should place in quarantine. Perhaps there is an explanation that exonerates Yahoo from playing fast and loose with my contact info. If so, I'd love to hear it. _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Wed Oct 15 2003 - 06:18:18 PDT