Re: Registration tactic
> register with sites like email@example.com, firstname.lastname@example.org,
> facebook@mydomaincom, etc
Yes, I've been doing this for a decade or so. Most of the spam comes from:
- Addresses harvested from bugs.debian.org, where bug reporters' email addresses are not obfuscated. This is my single largest source of spam, by far.
- Companies whom I've bought things from who "forget" that I opted out of their "marketing emails", or whose "click here to unsubscribe" forms just don't work. This includes many apparently-legitimate well-known businesses.
- Friends who have, presumably, suffered some sort of malware attack that has copied their address book (maybe one message per month).
The number of cases where one company seems to have sold my email address to another is very small. I can recall two:
- Watford Electronics seems to have sold or given my address to another company (I forget the details now, it was a few years ago).
- The address that I gave to RBS WorldPay was used to send spam from one of their competitors. I suspect that might have been an ex-employee taking a customer list with them, or something.
So in summary, my experience is that the sale of email lists is not a huge problem compared to (a) harvesting from websites like bugs.debian.org and (b) companies sending spam to their own (ex-)customers, ignoring their opt-out requests.