About a year ago I purchased a keyboard cover from MacSales.com for my laptop to protect the screen while in transit. Like any purchase on the web, I gave MacSales.com my email address. On friday that email address was sent spam telling me I had won $50,000.

The reason I know this is an email address I gave MacSales.com is because I make up a new address every time I sign up for something. So for example, had I signed up at foo.com for some new foos, the address I would have given them is . MacSales.com was given .

Fast-forward a year and I receive this in my inbox:

From: nipsbrown1996@yahoo.com
Subject: You have won $50,000
Date: July 23, 2004
To:

Welcome to Nipps Brown,
We are pleased to inform you of the result of the eBay Online Winners programs held on the 28th of January 2004. Your e-mail address attached to ticket number 843-543075 drew lucky SEQUENCE NO.: 81210719 which consequently won in the 2nd category. You might have been approved for a lump sum pay out of US$ 50,000.00 (Fifty Thousand United States Dollars).

So I emailed MacSales.com to tell them my address had been picked off their user table. What was the reply? Spammers are getting smart. Benjamin Priest responded:

Hi

We do not sell email address, Spamers are getting very good at taking a email address and running hundreds of thousands of variations of this in a mass spam. Or using software to grab email address out of cyberspace.

We do all we can to prevent spam and help the mac comunity stop spaming, I can asure you this was not from OWC.

Sincerely
Benjamin Priest

I couldn't care less if you do all you can to "help the mac comunity". If someone has proof that your user accounts are being skimmed you should do something about it rather than pass it off to smart spammers being smart. He 'asures' me it wasn't from OWC, but if 'spamers' are grabbing email addresses out of cyberspace, doesn't that mean OWC is sending my address in cleartext somewhere?


comments

bbrad2

I can't stand when you go the extra mile to actually help out a business and get a low-level response like that. I just started using email addresses the same way for purchasing..


Andre Torrez

Ah, more from Benjamin.




We do not sell email address that is a fact!
Report the spamer to your ISP to help curb the spam. Their is also anti spam site that you can report to



Sincerley

Benjamin Priest


What anti-spam site is he referring to? Is this a joke?


bbrad2

hah! I think he keeps that text in his clipboard to paste and send. Or else he sounds suspiciously like a bot;-)


Jason D-

There's also a chance that they are using a 3rd party processor on their sales and that they are the ones intercepting and selling the addys. Any site using those cheezy ass bizrate buttons is always suspect. And the other option is he's lying out his ass which is probably the case.


Andre Torrez

I think Benjamin is just answering what they tell him to answer in this situation. I'm 99% sure a spammer didn't dream up a script to send to macsales.com@mydomain.

As far as Benjamin having a spelling problem, I don't know what to make of that. Is Benjamin Priest really 'Benjamin Priest'? How can your customer service representative lack a spell checker?


Jennifer

Shouldn't you be thanking Benjamin Priest? Because of him you'll soon be coming into $50,000!

And what a crazy coincidence...just a week ago some nice Nigerian woman contacted me via email to let me in on a lucrative business opportunity worth $43 BILLION!


Andre Torrez

Give me all of your money.


Michael

based on my experience working at evilBay, it's surprising the lengths spammers goto in order to get active email addresses.

here's a great site for spoofs/spams:

http://millersmiles.co.uk

there's also spamcop.net and haltabuse.org to learn more about spam and online harassment in general.


Justin Mason

He just doesn't get it! If spammers were cleverly concocting new email addresses, there'd be a whole lot more spam for amazon.com at torrez.org, blahblahblahothersite.com at torrez.org, and a load of other addresses, and they'd all wind up in your inbox anyway. Instead, sounds like this is not the case (right?)

I think you're right, their accounts db has been grabbed and sold. It might only have been the email addresses (for PR) part, though.

BTW, have you got the (full) spam? Might be able to work out which spammer it was from that.


k@departmentk.com

Livewarehouse.com did the same to me a few months ago. At least with the yourwebsite.com@mymaildumpdomain.com setup you can send the comprimised email addresses to the black hole and remember not to do business with them...


Ilya Haykinson

This has happened to me before.
I make up addresses in the form ilya-@netapt.com, and am always surprised to see respectable companies start to spam at those addresses.

It happened to me twice. Once with Gamespy (perhaps some user list showed my address there?), once with a .NET control vendor (they never even replied to my abuse submission), and once with an online clothing vendor, Karmaloop.

For the record, Karmaloop was horrified that someone spammed me on this email address. They didn't dispute it at all, had their president call me back, gave me a gift certificate for my troubles and said that they'll change their newsletter mail company.

Now _that_ is what I would expect. If MacSales.com is not doing what's proper, I say just ask them once more and then contact someone in the press (Declan McCullagh over at News.com / Politechbot, for example, can get amazing results from stupid companies). Or post it to a Mac forum of some sort...


Ilya Haykinson

er, typepad ate my email formatting. ilya-sitemoniker@netapt.com is what it said.


Mark

This is very simple: Macsales.Com is a very common name in China.


tom

Since yahoo started to let users make dispoable addresses like this, I've been using it a lot and I was surpised to see my new dispoable whois address get spam almost immediatly after updating it.


sirhc

Could have been a employee that stole the e-mail list for personal use. I would forward your story to EFF or similar privacy group and see how far it gets. While e-mail spam might be brushed off, having word out about your CC info being available to uncertain parties via a slack privacy policy should get a more focused response.


Mike

I got the same type of email, but from a different source. The address I use for macsales hasn't seen any use. So it *might* not be them but someone who has or had access to their database. They still need to check.


shadow

This happened to me about two years ago with Macsales.com. I also use custom email addresses of the format "companyname@mydomain.com", and so I'm able to trace abuse by any company.

A few weeks after a Macsales order, I received a SPAM to their custom address. When I complained to Macsales, I was told that a disgruntled former employee had walked with their customer list, and that it would never happen again.

I believed them at the time, but now this appears to be a pattern. Fool me once...


OWC Larry

At no time in the past and no time in the future has OWC nor will OWC sell or otherwise provide(d) customer information or e-mail accounts.

We do not spam people, although we do have an opt-in e-mail list.

We are also an ISP, operating FasterMac.Net and OWC.NET. From experience and consultation, we know first hand the tools spammers put to their use.

You need to understand, once they have a hit on one e-mail address - all the elements of the address will be used across all other domains or all e-mail front portions. When you are employing trojans on unsuspecting users windows boxes - you're not exactly concerned with how many positive hits you make.

Our primary e-mail database is not even accessible to the net. It has no IP and further - it's data is encypted. Our e-mail servers all run on Linux and are swept on a routine basis + we also pay for the services of 'HackerSafe' to further be protective of our services.

It's no fun having to deal with this type of crap. And those that do this stuff, well, there should be stiffer laws and penalties.

Also - some ISPs/Mail software on the receiving end still leave domain broadcast options open (it's a simple setting that most turn off so someone can not just mass deliver mail to everone at a domain). The sad thing though really, is that things that were once useful tools - are highly abused in this day.

We take this stuff very seriously. And to say we are giving away e-mail addresses is just plain not true.

And lastly - e-mail is not encyrpted. When you send a message - it's plain text unless you and your recipient are using custom encryption. It would be great to see a STANDARD out there so this could be done without fear of easy cracking, but it's not there yet for standard e-mail between ISPs - although it is coming along, efforts underway with the major ISPs that have to be part of such a standard for it to exist.

Finally, (lastly was not last after all), Ben is a valued employee of OWC and yes his name is Benjamin Priest. And he does work in customer service to do just that. Although the mis-spellings are embarrassing (and I apologize if i have mis-spelled anything in this post), I am not sure what else he could have said. He told the truth as I have here and I am HAPPY to respond to any questions or comments on this matter - feel free to e-mail me owc@macsales.com.

Thank you.


OWC Larry

One more comment that our net tech made to me... If the e-mail address had been sold or provided to a spammer by any means, rather than just a random pickup - far more than just two e-mails would have appeared over the last 1 year period.

We all hate spam - but give the spammers a bit of credit for their sniffing and generation tools - which makes us hate them worse.


Matt Burris

It's good to see MacSales addressing this in public, and I do agree that spammers are getting smarter. However, this also means we have to find other ways to protect our email; it is such a valuable tool of communication, and to have it spammed incessantly is extremely annoying.

Which is exactly why I enjoy sites like http://www.mailinator.com and http://www.bugmenot.com to help secure my privacy and minimize the annoying spams. When you really think about it, you shouldn't have to give your email to order something online, or to read an article on a news magazine, and so on. Especially not in an age where spam is such a problem.


Bubba

I once worked at a pay website as a producer. My boss wanted me to learn MYSQL so I had access to the main db with all the client info including email addresses and passwords. It was very easy to run a query for emails and p'words, save the file and email it. Nobody would have known. Many people use the same password at every site. I could have used the names and p'words at yahoo and hotmail addresses or even paypal and ebay to see if they worked. It's scary what I or a collegue could have done. It all comes down to trust since nobody really knew what was going on.


Stump

I've stopped expecting my email to be private. Email is completely and utterly broken. I'm curious how you can possibly prove, based on mail showing up to an alias, that it was sold by the one company who had it? And why only one spam? Known good addresses get more than that. In fact, from this one post, I'm sure that at least one robot will nick my email address and immediately begin spamming me, maybe even within an hour or less.

There are so many places along the way where your email address is exposed that one can't possibly expect email to be private. How many hops occur from when I hit "send" or press the "Post" button on this form before the actual packets reach your web server? There's simply too many people/machines/robots between you and the person/machine/robot on the other end to have any expectation of privacy. Email, by it's very design, is wide open to abuse, and never has it been private.

As much as I like what you write Andre, I gotta say, you don't have a very firm foundation to make this argument.


hpg

stop wasting cycles on things like this. ephemeral e-mail addresses are unbelievably simple and free.

suckitstupidvendor.b.username@spamgourmet.com = 2 e-mails allowed to be received. anything else never gets to you. suckitstupidvendor.d.username... = 4 e-mails.

you can control(add or remove) the number of remaining e-mails at any time. i could go on and on about this but it is easier(and faster) if you just check it out yourself.

i am not affiliated with spamgourmet.com but that doesn't stop me from loving it. spam stops when you want it to.


Andre Torrez

Oh, I'm not complaining about receiving the spam, I'm complaining that
an address I gave them found its way into a spammers list. I don't
think it's nice they gave my address away.

I can filter stuff into the trash. No big deal.


OWC Larry

Not sure how I missed a couple comments the first time - but wanted to hit a couple additional points.

#1 - the address in question was never part of our OWC Tips n' Deals e-mail list. This was not an issue of our newsletter list being compromised - he's not on it and has not been on it with that address. Further, our newsletter is handled in house as well. We are an ISP and do not let ANYONE else handle or have access to our data.

#2, and more serious - NO ONE has ever walked off with our customer list, period. There has not been a disgruntled employee, etc, that we've ever said as an excuse, etc. Such a breech has not occurred and the number of people who have access to actually get to the data is restricted to three admin level staff.

There is no evidence that supports that comment in the very least and, well, the problem with anonymous posting I guess.
------

Anyway - thank you for listening and I am thankful too for some objective support.

Sure there are companies that don't care, that do sell or give away or mishandle their customer data - but that isn't Other World Computing... and on that note - we are not to be confused with a company that goes by the name of Macsales - we are Other World Computing with the domain www.macsales.com (for nearly 10 years) - not the company Macsale International or Macsales - in case any confusion.


Jon Hiller

It's bad when people are naive enough to think that email is unique when a company name is in the email address......even worse he’s got the whole domain as his address...heh..Jon


john

I have a money making propostion.
Email me to talk.

tililongjohn2@tiscali.it


incest rape

http://incestpsdics.hiddenorsdfgy.com/sex.html http://incdest.fdpicsdfs.cosm/sex.html http://tasboo.i-fpicss.cosm/sex.html Hi


Dougal

BEWARE : Macworld (the mag) rents the emails of all their subscribers. I recently renewed my subscription online (for the last time) to this publication. I indicated that I did not want my email address distributed . I recieved an email stating that my address will be taken out of the list but that my address had already been rented.


comments for this entry have been closed.

before this i wrote advice from a man who has lived after this i wrote macsales.com responds

navigation


The best fresh roasted coffee right to your door. It's easy! Give Tonx a try…