back to article Ever had to register to buy online - and been PELTED with SPAM?

Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not …

COMMENTS

This topic is closed for new posts.

Page:

and what's really annoying is that many of them won't accept a + in your email address. (For those who don't know, adding a "+company" to the first part of a gmail address is a good way to identify and block when your address gets passed on to third parties.)

21
0
Silver badge
Meh

The only way of getting around it with legitimate companies who think it is important to email you every week with an offer is to use a disposable address, collect the receipt when it's sent, have the item delivered and them shut the email address down.

Simple enough.

24
1

+1

Completely agree - especially when the validation message appears says "This is not a valid email address"! Go and read the RFC on valid email addresses before making up your own rules as to what is and what isn't a valid address. It's not exactly hard to create a regexp or similar to validate an address.

17
1
Anonymous Coward

So don't use the plus sign; gmail will do the same with other punctuation marks - period seems a good choice (ie myname.theircompany@)

Failing that, use a service like guerilla mail.

3
8
Silver badge

One reason I still maintain my yahoo account is those free disposable addresses, a real godsend.

1
0
Silver badge

Fortunately I own my own domain, so any time I register with a company like Fred Bloggs and co. I put my e-mail address down as fred.bloggs.co.uk@mydomain which means that I can always tell where someone got my e-mail address from and then create a custom filter to file their stuff straight into the junk mail folder :-)

34
0
Silver badge

I do the same, and these customised to each company email addresses give you a nice big fat stick to hit them with when they, inevitably, deny either selling or giving away your email address or having pathetic security.

7
0

@Graham Marsden

very similar to what I do plus my ISP allows me to add filters so that I can reject email from those idiots who sell my email address on to somebody else so that I never see them arrive.

I ALWAYS click the "no email" contact on all websites and it's interesting to see which ones flagrantly disregard this.

A few years ago I woke up one morning to an avalanche of spam to the email address I'd used on compare the market.com and not for their services either. They've been added to my filter list ever since and have never had my business again.

(gocompare don't get my business either, but that's because of that f**king annoying opera singer - the first time I heard the advert I said I wouldn't use them until they dropped it)

7
1

10 minute mail

Someone mentioned this a few months back, damn handy site.

Free oneshot email addresses

http://10minutemail.com/10MinuteMail/

5
0
Anonymous Coward

Re: +1

I had to update an email validation regex recently to avoid being unfair to a Mr O'Reilly and his apostrophe. Well at least he volunteered to use the test version to help test it before the main one went live, and told me about the bug so I could fix it. And that system has been in use every year for the last 8.

0
0
Silver badge
Thumb Up

I have my own domain and run my own mail server. I achieve the same thing using a wildcard alias system ;)

0
0
Silver badge
Facepalm

> these customised to each company email addresses give you a nice big fat stick to hit them with

Sadly they don't always believe you. The publishers of Avast! refused to accept responsibility when I started getting spam using the address I'd given for registration. They claimed it was probably a trojan on my system or else the email had been intercepted.

Clearly a security company that knows what it's doing. Not :-/

5
0
Bronze badge

Re: @Graham Marsden

you haven't been watching the ads lately... gocompare not only 'dropped' the singer, but made a whole new range a few months ago, of various 'stars' getting various types of 'revenge' on him... keeps it amusing at least..

BTW, you do *know* that they DO NOT SELL insurance??? the hint is in their name.... :/

1
4
Silver badge

Same here, one advantage of owning a domain is the infinite supply of email addresses, so I can use throwaway ones for most places, and unique ones for places I might buy from again. It's also interesting to see which ones 'leak' and start attracting generic spam.

0
0
Silver badge
Facepalm

Re: @Graham Marsden

I'm glad you explained. For the past few weeks I've been perplexed by an ad that starts with some bloke* failing to switch on Christmas lights, then cuts to the opera singer being tortured. I couldn't work out how that was supposed to generate electricity.

* The context suggests that I should know who some bloke is, but I've no idea. This adds to my perplexity.

0
0
Silver badge
Boffin

@Peter Hoare

As it turns out, you are quite, quite wrong in your assertion that it is trivial to validate an email address with a regular expression. The regex to validate a RFC2822 compliant email address is as follows:

(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])

4
0

@Loyal Commenter

Much easier if your language of choice has a library function for it in PHP it's:

filter_var($email, FILTER_VALIDATE_EMAIL)

1
0
Happy

Re: @Graham Marsden

Go Elsewhere

Go Elsewhere

If you find this ad is annoying then Go Elsewhere

And you'll thank your stars that you went to Go Elsewhere

2
0
Bronze badge
Thumb Up

Re: @Peter Hoare

See easy - how much easier can you get than "someone else has already done it"?

3
0
Silver badge

Re: +1

It's extra-ordinarily difficult to create a valid email regex see http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html

And when you do it's totally useless because to allow all the bizarre edge cases you end up having to allow so many genuine mistakes that there is no point.. "Abc\@def"@abc.com is valid

0
0
FAIL

Re: @Graham Marsden

Go Compare always gets hated why? I find that the animated girl on those confused com ads are far more annoying.

Thumbs up if you agree.

5
2
Thumb Up

@Graham Marsden

Yep, I do the theirname@mydomain thing too. It's always fun to catch a genuine evil spammer or unscrupulous etailer who has sold on your details without asking, as opposed to the (relatively) innocent marketing spam from which you can unsubscribe. Funnily enough, whenever the former has happened and I've received some real lowlife spam to a unique address, the companies concerned have always claimed it was a malware-infected email server.

Another problem is people harvesting your paypal address. There's not much you can do about that since it pretty much needs to be static unless you're prepared to change it periodically. I get around that by having all emails which come in to my paypal address (apart from the ones coming from paypal itself) dumped in a folder of their own, from which messages over a month old are automagically purged. Each sender gets a one-time auto-response containing a generic "transaction acknowledged" message and warning that I am unlikely ever to read their email.

0
0
Bronze badge
Meh

I also have my own domains, some I've had since 1998. I use a webhost that has greylisting. With greylisting any email from an invalid SMTP server gets deleted.

I also run MailWasher Pro 6.5.4 (the later versions are crap) which allows whitelists, blacklists, and custom filters. Best choice I ever made.

All in all, my spam has dropped from 500 a day to 30.

In other news, charities can be the worst. Ten years ago I donated to a disabled veterans charity, using a different middle initial and mispelled my last name (I refused to hand over my email). Soon I was getting flooded with phone calls, letters in the mail from cancer, children's, animal, indian, etc charities. Got worse with each year and didn't stop until I moved to another state.

1
0
Thumb Up

Add in a password tracker like LastPass. Records all these hundreds of email addresses and generates and stores unique, complex passwords for each one.

0
0

Re: @Peter Hoare

Cthulhu R'lyeh wgah'nagl fhtagn!

0
1
Unhappy

I have my own domain and always use a customised address for each company. I also always click the do not share my email address tickbox in the vain hope that companies might actually honour it. The worst offender I have ever dealt with is Thomson Fly. I once flew with them about 9 years ago and have since received a huge amount of unrelated crap addressed to tfly@ my domain. If I still lived in the UK I might consider a complaint to the data protection registrar, but a kill filter is a simpler option.

1
0
Silver badge
Devil

Re: @Graham Marsden

One of my favorite tricks to use in conjunction with some.company@mydomain is to scan the incoming address to check if it is actually coming from 'some company' and if it doesn't I automatically redirect it to something like customersupport@some.company. I've gotten some very cross emails but I almost never get spam on some.company.3@mydomain unless they run to their admin who sets up a filter on that end.

2
0
RW
Trollface

Re: @Peter Hoare

Does that work on Unicodized email addresses such as

მზია_კვირიკაშვილი@rustavi2.com

??

0
0
Thumb Up

@ ScottK

...that's if they even provide "do not contact" and/or "do not sell my details" tickboxes. SMBs are terrible for just harvesting (especially when you pay with PayPal) and expecting you to be ok with it. I've had some real idiots who refuse to acknowledge that people might get pissed off at that kind of behaviour. Even had one try to tell me her email wasn't spam ("because my shop actually exists").

0
0
FAIL

Re: @Graham Marsden

@illiad - someone who actually watches adverts rather than fast forwards - God forbid

1
0
MJI
Silver badge

Re:Go and die

Had an old recording on TV yesterday, someone forgot to skip the adverts, I had to run across the room, (next room to TV) and I nearly kicked in my TV to shut it up.

Power switch was first thing to hand, I know I shouldn't do but it does have a 5 year warantee.

BTW they are on my permanent shit list along with 4 or 5 other companies.

0
0
Mushroom

Re: @illiad

Clearly you've not watched the ads lately as that annoying f**cking opera singer is very much on them and still singing (Stephen Hawking black hole ad...).

Plus I never said that they sold insurance - clearly you never read posts correctly either.

0
0
Vic
Silver badge

> I achieve the same thing using a wildcard alias system ;)

I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated. That makes dictionary attacks painful to you and valuable to the spammer.

Far more effective IMO is to use an aliases file - allocate a fresh email address every time you give one out. If one gets abused, stub it out with a comment that it was abused. that way, the spam stops, and you've got a record of the abuse should you ever be tempted to deal with that company again.

Vic.

0
0
Bronze badge
Alert

At least give them a bad rating...

on Web Of Trust so the rest of us will know we don't want to do business with them. I will go out of my way to avoid a business with even a yellow rating, as spam is usually the problem with registering at that site. WOT is the most effective way we have to get even with these shoddy bunch!

3
0
Anonymous Coward

stop advertising your defenses

Dude, could you please stop advertising this defense method? The only reason it works is because it's not popular. Two lines of code and the spamers can bypass this safety. The longer we can ride this train empty the farther we go. Yes I'm being selfish, but this is a war and I'm OK with not making my bunker a bigger target. Please...

0
0
Silver badge
Go

> I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated

No it's not quite like that. The wildcard has a specific format so it won't match just anything - there has to be a certain substring present. If you send an email to 'anyoldcrap@mydomain' it'll go straight in the bit bucket. Indeed I get several dozen attempts from spammers along those lines every day. It's basically the same set up as using '+' - you need to know the basic rule :)

I don't think the risk from exposing my strategy is very high. The spammers would still need to work out the substring I use and I can easily use a different one. Because it's a multi-part name it makes a dictionary attack far harder. I think one of them might actually have guessed the substring a few years ago. At least I started getting spam to it and I only ever used it for reminders. However they haven't twigged that it is substring so it doesn't matter much. I just blacklisted it.

If they twig how the wildcard works I'll just add a second substring. Or maybe a third. I bet it'd take a while for (example only) abc.321.zmd.<whatever> to be compromised :)

0
0

I send it back to them

I've got my own domain, so when I have to sign up in this way the email address I use is company-name@mydomain.com

If I start getting a load of spam then I just create a mail forwarding rule on my domain and point that address back at the contact email address for the relevant company.

0
0
Anonymous Coward

They don't even spam well

For those of us who mostly try to avoid HTML emails, 80% of the 'proper' companies won't include plain text, or worse only put their message in some image that would have to be downloaded. Sorry. I can't read what you're saying...

15
0
Bronze badge

Re: They don't even spam well

The main reason that online images are used is that the sender can track when you have read the email.

5
0
Silver badge

Re: They don't even spam well

Unless you're in my whitelist, an attempt to send me email with an HTML part will result in it being bounced. This also takes care of an amazing amount of spam. HTML email is a security hazard, anyway.

2
0
Silver badge
Windows

Re: They don't even spam well

the sender can track when you have read the email

Only if you're dumb enough to let your email reader download images by default.

6
0
Bronze badge

Re: They don't even spam well

" Only if you're dumb enough to let your email reader download images by default."

In most cases, you cannot "read" these emails without downloading the images. Which means if you don't allow the images, you are not their target audience.

1
0
RW
Boffin

Re: They don't even spam well

Canada Post online tracking "works" that way but with the wrinkle that the headers for a plain text version are present but no plain text.

Thus if your email client is set up not to render HTML, you are s.o.l.

OTOH, given the extraordinary slowness of Canada Post and their unreliability (small parcels go missing with no trace), you couldn't really expect anything else.

0
0
Anonymous Coward

Re: They don't even spam well

"the sender can track when you have read the email"

And they seem to get quite distressed when you turn off image download and they can't. BT, British Gas and a whole load more dont seem to get that it is actually possible to open and read their mail without them knowing about it, and in some cases actually send more crap asking why you aren't reading their "newsletters". No wonder people think they're creepy.

3
0
Bronze badge
Stop

Or click anywhere on the email...

if the images and links are not blocked. Actually I never touch anywhere on an unsolicited email. Hotmail eventually catches up to their shenanigans and blocks them all!

0
0

Re: They don't even spam well

Better still, just blackhole it, and log the sender for weekly analysis, just in case it might have been important.

0
0
Unhappy

Even worse; trying to change email...

Several of the stores I shop at still send me offers on my old address, and trying to remove it from the mailing list fails as it's no longer associated with an account...

(Yes, they also send me offers on my new address... )

0
0

Re: Even worse; trying to change email...

One way to fix that is to forward all emails to the old address from that organisation to their abuse address. I find they stop when they tire of abusing themselves.

3
0

Re: Even worse; trying to change email...

I try to unsubscribe once if I know it is a store I signed up with and if that fails their IP gets moved to my mail server's black list with an SMTP error message explaining exactly why I added the block.

Life is so much less annoying that way.

0
0

Disposable

Trashmail.net and it's firefox plugin does it for me.

1
0

Page:

This topic is closed for new posts.

Forums