Jerry πŸ¦™πŸ’πŸ¦™2d ago
Seems perfectly normal to get an unsolicited offer for the contact info of people attending a European security conference, right?
Show threadStephen Hoffman

@jerry Attended a tech conference some years ago, and used a conference-specific email forwarder.

That email was used exclusively for the conference, and received only conference-related mail β€” until ~four years later, the newly-reorganized organizers and other senders all started spamming that email.

Old databases don’t go away.

But that email forwarder sure did.

Apr 2 at 3:58pmWeb
Show threadPaul_IPv61d ago

@HoffmanLabs @jerry

yup. i've had "single use" emails that were dormant for over 12 years suddenly start spewing spam. i also regularly get spam to emails that have never existed (i've been only owner of the domain name) and never worked. a couple of these broken emails have been hit for decades.

old databases don't go away and are never cleaned up. just resold to other spammers.

Show threadJerry πŸ¦™πŸ’πŸ¦™1d ago
@paul_ipv6 @HoffmanLabs the amount of spam I get to [email protected] is beyond all comprehension. Usernames look like email addresses and every crawler seems to have found them.
Show threadPaul_IPv61d ago

@jerry @HoffmanLabs

crawlers are the worst.

by far the most spammed email i still let through is one on an IETF RFC. at some point, a spammer scraped all the RFCs and put it into a commonly use database. all countries/languages, etc.

i don't have a personal web site and more and more, i'm glad. it would be one more morass of crap beyond my mailserver.

Show threadJohn Kristoff1d ago
@jerry @paul_ipv6 @HoffmanLabs Any possibility you would be able and willing to make some data set available to academic researchers?
Show threadPaul_IPv61d ago

@jtk @jerry @HoffmanLabs

in my case, it would just be postfix logs, a lot of which would just show sbl-xbl blocking of same. if that's useful, let me know.

Show threadJohn Kristoff1d ago
@paul_ipv6 All data could be useful. The infosec.exchange ones in particular however would be particularly interesting, as spam to bluesky or the bridge looking email addresses would be too. I'd imagine "proper" research might also involve a "control" instance for experiments to be conducted on. I don't have the bandwidth to lead such a project, but I'd be interested in one. I can ask around if someone wants to do something like this.