
Accessing email lists. How does it happen?

CPA

Elite Member
Okay, the setup:

We have, what I believe from our website administrators (third-party), a secured website of our customers' data. We do not provide, sell or in any way, shape or form give out our customers' email addresses.

The problem:

Was just forwarded a spam email from one of our customers that specifically identifies our company in the spam mail. It didn't come from us, nor was it authorized by us.

My questions:

How could they have gotten ahold of our email list?

What can I do to stop it?
 
Just one customer received the email? Can you make some calls to see if any other customers got that same email? It seems unlikely somebody would steal a mailing list and only use one address from the list.

Where did that SPAM email originate? That'll be in the header of the email. There's nothing else in an email header that you can trust, but you can generally trust the IP address of the last mail server that handled the email. See if the SPAM came from any of your client's mail servers.

By "specifically identifies our company in the spam mail", do you mean your company's name was used in the text of the email? Or do you mean your company was listed as the "sender" of the email (i.e. "From:")?
 
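
The header check described in the reply above, as an added example that is not part of the original thread: it finds the Received line written by the recipient's own mail server, pulls out the connecting IP, and compares it with a list of known server networks. The sample message, the hostnames (such as mx.recipient.example) and every address are constructed for illustration, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample message (documentation IP ranges, made-up hostnames).
SAMPLE = """\
Received: from relay.sender.example (relay.sender.example [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123;
\tTue, 02 Jan 2024 10:15:00 +0000
Received: from trusted-bank.example (unknown [198.51.100.7])
\tby relay.sender.example with SMTP; Tue, 02 Jan 2024 10:14:58 +0000
From: "Your Non-Profit" <news@nonprofit.example>
To: customer@recipient.example
Subject: Membership notice

Body text.
"""

# Matches "[1.2.3.4]" or "[IPv6:2001:db8::1]" inside a Received line.
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)

def handoff_ip(raw_message, our_mx_hosts):
    """Return the IP our own server recorded for the connecting host, or None.

    Received headers are prepended, so the first one written by a server we
    run describes the hop the sender did not control; lower ones can be faked.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    for received in msg.get_all("Received", []):
        text = " ".join(str(received).split())   # unfold continuation lines
        by = BY_HOST.search(text)
        if not by or by.group(1).lower() not in our_mx_hosts:
            continue                              # hop not written by us
        from_part = text[:by.start()]             # only the "from" clause
        for candidate in BRACKETED_IP.findall(from_part):
            try:
                return ipaddress.ip_address(candidate)
            except ValueError:
                continue                          # not a valid address
        return None
    return None

def came_from_known_server(raw_message, our_mx_hosts, known_networks):
    """True if the trusted hop's IP falls inside any listed network."""
    ip = handoff_ip(raw_message, our_mx_hosts)
    nets = [ipaddress.ip_network(n) for n in known_networks]
    return ip is not None and any(ip in n for n in nets)
```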
How do you know one of your customers' machines isn't infected and spamming everyone in their address book?
 
It was in the text. The email was addressed to him, but the message addressed him as if he was part of our non-profit organization.

He tried to send the header to us, but it didn't work out. We're pretty sure it only impacted him and probably the spammer got everything through his emails.
 
If using Outlook, they can just cut and paste the header from the "Message Options" properties for the email.
 
Any email communication is simply passed on from server to server on the internet, as a series of packets that often take different routes, that are ultimately reassembled into a coherent whole on the receiving computer.

Anyone can intercept those packets and decode the intended email address even if they can't intercept the whole message.

In short, when you create a new email address and receive a few emails, some enterprising fellows capture it, and start selling their new new new email addresses list to spammers. It's all automated and impersonal, and even if your email address is only worth a thousandth of a cent, it adds up to big money.
 