• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

What is http://www.returnpath.net?

Muse

Muse

Lifer
I've gotten a couple of emails from this entity and I want to know basically who they are. They appear to claim that I registered with them and that their functionality (at least in part) is to allow organizations that have my former email address to get my new email address, contingent upon my permission. The email I just got seems to say they will update a certain organization with my new (current) email address within 10 days unless I intervene.

My spam screening program (Mailwasher) wants to delete these emails and add them to my blacklist, but I'm not so sure what to do. Mailwasher is sometimes wrong, very wrong. The email I just got indicates I can unregister from the "service."

I don't remember registering with these people! I did change my email address, or rather created a subaccount at my ISP and started using that subaccount instead of my main account because I had been getting huge amounts of spam. I now get no spam, but I'm wary. Very wary!! Thanks for any light you can throw on this!
 
If you go to their web site, looking at the "business side", it looks kind of scary. Looks like they sell services to spammers^H^H^H^H^H^H^H^Hlegitimate opt-in direct-email marketers, to allow them to track users that change e-mail addresses. Their form for consumers to enter their "old" and "new" e-mail addresses into a form on that page, strikes me as odd too. I guess they use that to update their mass e-mailing databases, because they certainly can't offer a forwarding service without the appropriate password to retrieve mail from one of those accounts/mailboxes.

My guess? Yet another spammer or spammer sub-contractor, trying to appear legit, and trying to find out if your new e-mail address is related to the old. I wouldn't be surprised to find some sort of tracking mechanism in the e-mail that they have sent you. If you didn't knowingly sign up for their services, then I would assume wholeheartedly that it is some sort of commercial spam.

Edit: Ok, maybe I'm totally wrong, they do offer personal forwarding services, and do ask for your old e-mail password. Forwarding services works with active accounts, for AOL, MSN, Hotmail, Yahoo, and generic POP3 access. They also seem to have some marketing affiliation with Comcast and Verizon.
http://www.returnpath.net/forwarding/

Is it possible that your ISP sends all e-mail changes to this company automatically, as a "service" to you?
(Interestingly, I'm on VOL DSL myself, I'll have to check to see if they're doing this too. I hope not.)
It appears that anyone can search their "e-mail change-of-address database", using one of your old e-mails as a key, and find your new, current e-mail address. That just sounds too much like spammer-heaven to me. 🙁 (The top reasons that people change e-mail addresses, are to run away from mounting volumes of spam.)

Thanks for the interesting heads-up, I wonder if the folks over at DSLR have heard about this yet.

PS. If you want an easy-to-use, disposable e-mail, check out mailinator.com. (No affiliation.)

Edit 2: After reading the first few entries in their FAQ under tech-support, they claim to require your permission to send your current up-to-date e-mail address to those requesting it who only have an older e-mail address. The service also claims to be free for end-users, but they charge for businesses who want your updated e-mail contact info.

Edit 3: I don't know what to think about this site. On one hand, it looks like a useful service, for end-users, to allow other users to request their updated e-mail contact info, though a "neutral" intermediary. Yet, on their home page, their ad-copy for businesses is way scary, using phrases like "optimize deliverability rates", "increase response rates"... heck, just using the phrase "e-mail marketers" is scary enough for me. The fact that they have both the Truste and BBBOnline logos prominently displayed on their homepage just screamsshyster to me. Yet they also have a logo that claims that they are the official e-mail change-of-address service for the USPS's "moversguide" site. That sounds almost halfway legit.
I would love to allow possible contact by someone that only had my old e-mail address, but I'll be darned if I hand over my entire e-mail address history to a company that probably works hand-in-hand with spammers.

I just thought of something else too - what about overlapping e-mail addresses? What happens when someone requests updated contact info, from someone that had a certain address, but someone else had that same address at a later date? Do they send the requests to the current e-mail addresses registered for both? What if the person requesting the update, only knows of one of the holders of that address, but the *other* holder is the one that entered their updated contact info into ReturnPath's database? That could be downright misleading, and a threat to identity in and of itself! The very existance of this service, due to lack of futher authentication mechanisms, is dangerous!
 
Interesting evaluation, VirtualLarry. My ISP is SBC ( _me_@pacbell.net). I wonder if they've contracted or given permission to these people in _my_behalf_! I may have made a blunder already in not simply bouncing every darned one of these. Maybe I should unsubscribe from the "service", which appears to be something they ostensibly support. I wondered from the getgo how they even found out about my "change of address."

Here's what I think probably happened: I went to one of the sites I am registered with and did what I thought I had to do to inform them that in the future I want any email contact with me to be through my new account, not my old account. Somehow, one of those sites dovetailed into this organization. I can't guess which site that would be. Not sure how to deal with it. What scares me is this statement from the email I just got from them, which I got a duplicate of, BTW, spaced about 56 minutes apart:

"Because you use Return Path?s email change of address services, we will provide your current email to Sprint for you in seven days, unless you tell us not to allow the update."

Fact is, I cancelled my Sprint account some 5 weeks ago. Having to respond to these emails to keep them from divulging my new email address to these parties is scary. Maybe I'll "cancel" my subscription to this "service."
 
Muse, thanks for the info, that indeed is rather scary. From the description of the procedure on their site, it appeared that it required a positive (opt-in) reply from you before they would divulge your new e-mail address. Apparently, for businesses seeking that information, it is handled differently (opt-out). That's quite disturbing, if only for the fact that many services (Verizon's, and several others), are now bouncing/filtering mail, due to both spam filters, and other things like "secure sender" configs, which require the senders to have valid RDNS, among a bunch of other things that I currently can't recall off of the top of my head. So if those "opt-out" request e-mails bounce or disappear into the void.. well, consider your e-mail address change history to be nearly-public information then.

I did notice that ReturnPath's services are "integrated" into the user-account control-panel features for Verizon.net subscribers, if you hadn't alerted me to investigate this service, I might well have ignorantly punched in some of my old addresses. (I'm still considering whether I think ReturnPath's services are useful or not.)
 
Originally posted by: VirtualLarry
Muse, thanks for the info, that indeed is rather scary. From the description of the procedure on their site, it appeared that it required a positive (opt-in) reply from you before they would divulge your new e-mail address. Apparently, for businesses seeking that information, it is handled differently (opt-out). That's quite disturbing, if only for the fact that many services (Verizon's, and several others), are now bouncing/filtering mail, due to both spam filters, and other things like "secure sender" configs, which require the senders to have valid RDNS, among a bunch of other things that I currently can't recall off of the top of my head. So if those "opt-out" request e-mails bounce or disappear into the void.. well, consider your e-mail address change history to be nearly-public information then.

I did notice that ReturnPath's services are "integrated" into the user-account control-panel features for Verizon.net subscribers, if you hadn't alerted me to investigate this service, I might well have ignorantly punched in some of my old addresses. (I'm still considering whether I think ReturnPath's services are useful or not.)
Click to expand...

I reread their last post to me from which I quoted in my last post (above). Well, from that, they look legit, but what you say concerns me. I don't understand your statement:

So if those "opt-out" request e-mails bounce or disappear into the void.. well, consider your e-mail address change history to be nearly-public information then.

You mean if I bounce their mails to me, they can/will/may be intercepted by spammers? How?

Presumably ( 🙂 ) these people only consider doing an opt-out request for legitimate companies, not spammers. How could my new email address leak into the hands of spammers by virtue of this?
 
No, I meant that, assuming that you have entered both your old, and new, e-mail addresses into their searchable database, then when someone does a search, and returnpath sends you an "opt-out confirmation" e-mail, if that e-mail is bounced due to anti-spam measures, then the original requester will get your new e-mail address automatically, due to the confirmation being opt-out rather than opt-in. So in the general case, you can assume that anyone can get your updated e-mails. They claim that it costs money for businesses to search for updated e-mails, but free to end users, but what's to prevent a spammer from impersonating an end-user to get free database lookups?
 
Originally posted by: VirtualLarry
No, I meant that, assuming that you have entered both your old, and new, e-mail addresses into their searchable database, then when someone does a search, and returnpath sends you an "opt-out confirmation" e-mail, if that e-mail is bounced due to anti-spam measures, then the original requester will get your new e-mail address automatically, due to the confirmation being opt-out rather than opt-in. So in the general case, you can assume that anyone can get your updated e-mails. They claim that it costs money for businesses to search for updated e-mails, but free to end users, but what's to prevent a spammer from impersonating an end-user to get free database lookups?
Click to expand...

It's theoretically possible, but they probably have it worked out where it can't be done automatically. IOW, spammers can't set up a bot to check with Returnpath for a whole list of email addresses. That's a pretty basic area of modern Internet security. What makes you think they aren't doing that?

Also it's possible that the opt-out scenario is only for known and trusted entities and that for "individuals" it's opt-in. That would take care of it too.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top