Receiving spam on FlyerTalk-unique email address
#31
A FlyerTalk Posting Legend
Join Date: Aug 2002
Programs: UALifetimePremierGold, Marriott LifetimeTitanium
Posts: 71,114
I'm not a moderator, but I doubt any of the 90+ mods who volunteer their time on FT are spamming anyone. They've got limited amounts of time & are usually busy spending it moderating.
Cheers.
Cheers.
#32
No longer with Internet Brands
Join Date: Mar 2011
Location: Los Angeles, CA
Programs: DL DM 1.6MM, Marriott LT Plat
Posts: 5,343
As Jose indicated, there will be no real way to track down how or why your email address has been spammed. If you like, you can always change it.
Happens to the best of us. Spam is simply a fact of life, and there's no way to fully insulate a given email address. That's why we have access to a nearly infinite supply of them for free.
Paul
#33
Join Date: Nov 2007
Location: SW London
Programs: BAEC Silver; Hilton Diamond;a miscellany of other hotel non-statuses
Posts: 3,607
Either:
- Harvest someone else's [email protected], split each into two and reassemble new addresses, either based on common patterns or just randomly;
- Identify high volume forum sites, take the distinguishing part of sitename.com, and prepend it to a list of domains you already have.
#34
Ambassador, New England
Join Date: Aug 2001
Location: Maineiac, USA
Programs: Amtrak, WN RR, Choice
Posts: 2,655
I don't have a dog in the fight as my email (which isn't my own domain) has very good spam filtering tools, but to be perfectly honest, the apparent lack of concern of this issue by IB is very disturbing. Either someone (or if not a specific person, some automated system) involved with IB is purposely using information to send spam (and I don't think it is a mod for the same reasons SkiAdcock mentioned above), or they're not and the system is being hacked into. Either way, I'm amazed that the only solution and level of caring is just shrugging shoulders and saying "oh well".
#35
Moderator: American AAdvantage
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
I don't have a dog in the fight as my email (which isn't my own domain) has very good spam filtering tools, but to be perfectly honest, the apparent lack of concern of this issue by IB is very disturbing. Either someone (or if not a specific person, some automated system) involved with IB is purposely using information to send spam (and I don't think it is a mod for the same reasons SkiAdcock mentioned above), or they're not and the system is being hacked into. Either way, I'm amazed that the only solution and level of caring is just shrugging shoulders and saying "oh well".
If that is what seems apparent, the facts are IB is quite serious about privacy, spam control, preventing breaches, etc. but that all goes on in the background, and certainly the methods and steps taken would not be discussed in the public fora for them to be seen by potential malefactors.
One might wonder why I'm seeing 119 (14 [signed in] members & 105 guests) in one forum, and further wonder exactly what and why the guests are reading, for example.
#36
Join Date: Oct 2010
Posts: 1
Howdy, all.
I submitted a report via the "contact us" mechanism and it was suggested I 'share my experience' here.
I recently received some spam to my flyertalk email address. Like some of the other reporters, I have an email address that uses address extensions so that it's specific to the site it's registered with, and not used elsewhere. Additionally, I use my own domain for email.
I'll leave the details out of this post, but suffice to say that my email address would not have been selected algorithmically; and it's certainly not used elsewhere. If it was disclosed to spammers, it was either as a result of flyertalk's owners (as some suggested earlier in the thread), or some sort of compromise/scraping of the site.
I don't care so much about the fact that I'm getting spam; part of the point of using per-domain emails is that I can easily block it; the reason I reached out via "contact" is the first place is in the belief that it's more likely a site compromise of some sort rather than intentional disclosure.
n.b., I have no reason to believe it'd be moderators scraping, but please don't be insulted when I point out it's technically possible. I think it's more likely that an account was compromised, the application has vulnerabilities like cross-site scripting or SQL injection, or a system-level compromised occurred.
n.b.b., My email address was certainly not generated algorithmically like one respondent suggested. It consists of a username, a non-standard address extension character, the target domain (flyertalk), all at my own personal domain. There is nobody else that uses my domain on flyertalk, and nobody that has my address part on another domain.
- Patrick
I submitted a report via the "contact us" mechanism and it was suggested I 'share my experience' here.
I recently received some spam to my flyertalk email address. Like some of the other reporters, I have an email address that uses address extensions so that it's specific to the site it's registered with, and not used elsewhere. Additionally, I use my own domain for email.
I'll leave the details out of this post, but suffice to say that my email address would not have been selected algorithmically; and it's certainly not used elsewhere. If it was disclosed to spammers, it was either as a result of flyertalk's owners (as some suggested earlier in the thread), or some sort of compromise/scraping of the site.
I don't care so much about the fact that I'm getting spam; part of the point of using per-domain emails is that I can easily block it; the reason I reached out via "contact" is the first place is in the belief that it's more likely a site compromise of some sort rather than intentional disclosure.
n.b., I have no reason to believe it'd be moderators scraping, but please don't be insulted when I point out it's technically possible. I think it's more likely that an account was compromised, the application has vulnerabilities like cross-site scripting or SQL injection, or a system-level compromised occurred.
n.b.b., My email address was certainly not generated algorithmically like one respondent suggested. It consists of a username, a non-standard address extension character, the target domain (flyertalk), all at my own personal domain. There is nobody else that uses my domain on flyertalk, and nobody that has my address part on another domain.
- Patrick
Last edited by Prospero; Oct 9, 2015 at 6:14 pm Reason: combine two consecutive posts into one