back to article Ever had to register to buy online - and been PELTED with SPAM?

Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not …


This topic is closed for new posts.


  1. Fred M

    and what's really annoying is that many of them won't accept a + in your email address. (For those who don't know, adding a "+company" to the first part of a gmail address is a good way to identify and block when your address gets passed on to third parties.)

    1. LarsG

      The only way of getting around it with legitimate companies who think it is important to email you every week with an offer is to use a disposable address, collect the receipt when it's sent, have the item delivered and them shut the email address down.

      Simple enough.

      1. Mark 65 Silver badge

        One reason I still maintain my yahoo account is those free disposable addresses, a real godsend.

        1. Mayhem

          10 minute mail

          Someone mentioned this a few months back, damn handy site.

          Free oneshot email addresses

      2. Number6

        Same here, one advantage of owning a domain is the infinite supply of email addresses, so I can use throwaway ones for most places, and unique ones for places I might buy from again. It's also interesting to see which ones 'leak' and start attracting generic spam.

        1. BillG Silver badge

          I also have my own domains, some I've had since 1998. I use a webhost that has greylisting. With greylisting any email from an invalid SMTP server gets deleted.

          I also run MailWasher Pro 6.5.4 (the later versions are crap) which allows whitelists, blacklists, and custom filters. Best choice I ever made.

          All in all, my spam has dropped from 500 a day to 30.

          In other news, charities can be the worst. Ten years ago I donated to a disabled veterans charity, using a different middle initial and mispelled my last name (I refused to hand over my email). Soon I was getting flooded with phone calls, letters in the mail from cancer, children's, animal, indian, etc charities. Got worse with each year and didn't stop until I moved to another state.

    2. Peter Hoare


      Completely agree - especially when the validation message appears says "This is not a valid email address"! Go and read the RFC on valid email addresses before making up your own rules as to what is and what isn't a valid address. It's not exactly hard to create a regexp or similar to validate an address.

      1. Anonymous Coward
        Anonymous Coward

        Re: +1

        I had to update an email validation regex recently to avoid being unfair to a Mr O'Reilly and his apostrophe. Well at least he volunteered to use the test version to help test it before the main one went live, and told me about the bug so I could fix it. And that system has been in use every year for the last 8.

      2. Loyal Commenter Silver badge

        @Peter Hoare

        As it turns out, you are quite, quite wrong in your assertion that it is trivial to validate an email address with a regular expression. The regex to validate a RFC2822 compliant email address is as follows:


        1. Gerhard Mack

          @Loyal Commenter

          Much easier if your language of choice has a library function for it in PHP it's:

          filter_var($email, FILTER_VALIDATE_EMAIL)

        2. John Robson Silver badge
          Thumb Up

          Re: @Peter Hoare

          See easy - how much easier can you get than "someone else has already done it"?

        3. Mike Richards Silver badge

          Re: @Peter Hoare

          Cthulhu R'lyeh wgah'nagl fhtagn!

        4. RW

          Re: @Peter Hoare

          Does that work on Unicodized email addresses such as



      3. Yet Another Anonymous coward Silver badge

        Re: +1

        It's extra-ordinarily difficult to create a valid email regex see

        And when you do it's totally useless because to allow all the bizarre edge cases you end up having to allow so many genuine mistakes that there is no point.. "Abc\@def" is valid

    3. Anonymous Coward
      Anonymous Coward

      So don't use the plus sign; gmail will do the same with other punctuation marks - period seems a good choice (ie myname.theircompany@)

      Failing that, use a service like guerilla mail.

      1. Graham Marsden

        Fortunately I own my own domain, so any time I register with a company like Fred Bloggs and co. I put my e-mail address down as which means that I can always tell where someone got my e-mail address from and then create a custom filter to file their stuff straight into the junk mail folder :-)

        1. Nick Ryan Silver badge

          I do the same, and these customised to each company email addresses give you a nice big fat stick to hit them with when they, inevitably, deny either selling or giving away your email address or having pathetic security.

          1. AndrueC Silver badge

            > these customised to each company email addresses give you a nice big fat stick to hit them with

            Sadly they don't always believe you. The publishers of Avast! refused to accept responsibility when I started getting spam using the address I'd given for registration. They claimed it was probably a trojan on my system or else the email had been intercepted.

            Clearly a security company that knows what it's doing. Not :-/

        2. Chris007

          @Graham Marsden

          very similar to what I do plus my ISP allows me to add filters so that I can reject email from those idiots who sell my email address on to somebody else so that I never see them arrive.

          I ALWAYS click the "no email" contact on all websites and it's interesting to see which ones flagrantly disregard this.

          A few years ago I woke up one morning to an avalanche of spam to the email address I'd used on compare the and not for their services either. They've been added to my filter list ever since and have never had my business again.

          (gocompare don't get my business either, but that's because of that f**king annoying opera singer - the first time I heard the advert I said I wouldn't use them until they dropped it)

          1. illiad

            Re: @Graham Marsden

            you haven't been watching the ads lately... gocompare not only 'dropped' the singer, but made a whole new range a few months ago, of various 'stars' getting various types of 'revenge' on him... keeps it amusing at least..

            BTW, you do *know* that they DO NOT SELL insurance??? the hint is in their name.... :/

            1. Kubla Cant Silver badge

              Re: @Graham Marsden

              I'm glad you explained. For the past few weeks I've been perplexed by an ad that starts with some bloke* failing to switch on Christmas lights, then cuts to the opera singer being tortured. I couldn't work out how that was supposed to generate electricity.

              * The context suggests that I should know who some bloke is, but I've no idea. This adds to my perplexity.

            2. Anonymous Сoward

              Re: @Graham Marsden

              Go Compare always gets hated why? I find that the animated girl on those confused com ads are far more annoying.

              Thumbs up if you agree.

              1. MJI Silver badge

                Re:Go and die

                Had an old recording on TV yesterday, someone forgot to skip the adverts, I had to run across the room, (next room to TV) and I nearly kicked in my TV to shut it up.

                Power switch was first thing to hand, I know I shouldn't do but it does have a 5 year warantee.

                BTW they are on my permanent shit list along with 4 or 5 other companies.

            3. HipposRule

              Re: @Graham Marsden

              @illiad - someone who actually watches adverts rather than fast forwards - God forbid

            4. Chris007

              Re: @illiad

              Clearly you've not watched the ads lately as that annoying f**cking opera singer is very much on them and still singing (Stephen Hawking black hole ad...).

              Plus I never said that they sold insurance - clearly you never read posts correctly either.

          2. Field Marshal Von Krakenfart

            Re: @Graham Marsden

            Go Elsewhere

            Go Elsewhere

            If you find this ad is annoying then Go Elsewhere

            And you'll thank your stars that you went to Go Elsewhere

            1. DF118
              Thumb Up

              @Graham Marsden

              Yep, I do the theirname@mydomain thing too. It's always fun to catch a genuine evil spammer or unscrupulous etailer who has sold on your details without asking, as opposed to the (relatively) innocent marketing spam from which you can unsubscribe. Funnily enough, whenever the former has happened and I've received some real lowlife spam to a unique address, the companies concerned have always claimed it was a malware-infected email server.

              Another problem is people harvesting your paypal address. There's not much you can do about that since it pretty much needs to be static unless you're prepared to change it periodically. I get around that by having all emails which come in to my paypal address (apart from the ones coming from paypal itself) dumped in a folder of their own, from which messages over a month old are automagically purged. Each sender gets a one-time auto-response containing a generic "transaction acknowledged" message and warning that I am unlikely ever to read their email.

          3. Eddy Ito Silver badge

            Re: @Graham Marsden

            One of my favorite tricks to use in conjunction with is to scan the incoming address to check if it is actually coming from 'some company' and if it doesn't I automatically redirect it to something like I've gotten some very cross emails but I almost never get spam on unless they run to their admin who sets up a filter on that end.

        3. The Boojum
          Thumb Up

          Add in a password tracker like LastPass. Records all these hundreds of email addresses and generates and stores unique, complex passwords for each one.

        4. ScottK

          I have my own domain and always use a customised address for each company. I also always click the do not share my email address tickbox in the vain hope that companies might actually honour it. The worst offender I have ever dealt with is Thomson Fly. I once flew with them about 9 years ago and have since received a huge amount of unrelated crap addressed to tfly@ my domain. If I still lived in the UK I might consider a complaint to the data protection registrar, but a kill filter is a simpler option.

          1. DF118
            Thumb Up

            @ ScottK

            ...that's if they even provide "do not contact" and/or "do not sell my details" tickboxes. SMBs are terrible for just harvesting (especially when you pay with PayPal) and expecting you to be ok with it. I've had some real idiots who refuse to acknowledge that people might get pissed off at that kind of behaviour. Even had one try to tell me her email wasn't spam ("because my shop actually exists").

        5. Anonymous Coward
          Anonymous Coward

          stop advertising your defenses

          Dude, could you please stop advertising this defense method? The only reason it works is because it's not popular. Two lines of code and the spamers can bypass this safety. The longer we can ride this train empty the farther we go. Yes I'm being selfish, but this is a war and I'm OK with not making my bunker a bigger target. Please...

    4. AndrueC Silver badge
      Thumb Up

      I have my own domain and run my own mail server. I achieve the same thing using a wildcard alias system ;)

      1. Vic

        > I achieve the same thing using a wildcard alias system ;)

        I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated. That makes dictionary attacks painful to you and valuable to the spammer.

        Far more effective IMO is to use an aliases file - allocate a fresh email address every time you give one out. If one gets abused, stub it out with a comment that it was abused. that way, the spam stops, and you've got a record of the abuse should you ever be tempted to deal with that company again.


        1. AndrueC Silver badge

          > I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated

          No it's not quite like that. The wildcard has a specific format so it won't match just anything - there has to be a certain substring present. If you send an email to 'anyoldcrap@mydomain' it'll go straight in the bit bucket. Indeed I get several dozen attempts from spammers along those lines every day. It's basically the same set up as using '+' - you need to know the basic rule :)

          I don't think the risk from exposing my strategy is very high. The spammers would still need to work out the substring I use and I can easily use a different one. Because it's a multi-part name it makes a dictionary attack far harder. I think one of them might actually have guessed the substring a few years ago. At least I started getting spam to it and I only ever used it for reminders. However they haven't twigged that it is substring so it doesn't matter much. I just blacklisted it.

          If they twig how the wildcard works I'll just add a second substring. Or maybe a third. I bet it'd take a while for (example only) abc.321.zmd.<whatever> to be compromised :)

    5. JCitizen

      At least give them a bad rating...

      on Web Of Trust so the rest of us will know we don't want to do business with them. I will go out of my way to avoid a business with even a yellow rating, as spam is usually the problem with registering at that site. WOT is the most effective way we have to get even with these shoddy bunch!

    6. miknik

      I send it back to them

      I've got my own domain, so when I have to sign up in this way the email address I use is

      If I start getting a load of spam then I just create a mail forwarding rule on my domain and point that address back at the contact email address for the relevant company.

  2. Anonymous Coward
    Anonymous Coward

    They don't even spam well

    For those of us who mostly try to avoid HTML emails, 80% of the 'proper' companies won't include plain text, or worse only put their message in some image that would have to be downloaded. Sorry. I can't read what you're saying...

    1. Adam 1 Silver badge

      Re: They don't even spam well

      The main reason that online images are used is that the sender can track when you have read the email.

      1. Kubla Cant Silver badge

        Re: They don't even spam well

        the sender can track when you have read the email

        Only if you're dumb enough to let your email reader download images by default.

        1. Adam 1 Silver badge

          Re: They don't even spam well

          " Only if you're dumb enough to let your email reader download images by default."

          In most cases, you cannot "read" these emails without downloading the images. Which means if you don't allow the images, you are not their target audience.

        2. Anonymous Coward
          Anonymous Coward

          Re: They don't even spam well

          "the sender can track when you have read the email"

          And they seem to get quite distressed when you turn off image download and they can't. BT, British Gas and a whole load more dont seem to get that it is actually possible to open and read their mail without them knowing about it, and in some cases actually send more crap asking why you aren't reading their "newsletters". No wonder people think they're creepy.

        3. JCitizen

          Or click anywhere on the email...

          if the images and links are not blocked. Actually I never touch anywhere on an unsolicited email. Hotmail eventually catches up to their shenanigans and blocks them all!

    2. Number6

      Re: They don't even spam well

      Unless you're in my whitelist, an attempt to send me email with an HTML part will result in it being bounced. This also takes care of an amazing amount of spam. HTML email is a security hazard, anyway.

      1. Dave Lawton

        Re: They don't even spam well

        Better still, just blackhole it, and log the sender for weekly analysis, just in case it might have been important.

    3. RW

      Re: They don't even spam well

      Canada Post online tracking "works" that way but with the wrinkle that the headers for a plain text version are present but no plain text.

      Thus if your email client is set up not to render HTML, you are s.o.l.

      OTOH, given the extraordinary slowness of Canada Post and their unreliability (small parcels go missing with no trace), you couldn't really expect anything else.

  3. Trygve Henriksen

    Even worse; trying to change email...

    Several of the stores I shop at still send me offers on my old address, and trying to remove it from the mailing list fails as it's no longer associated with an account...

    (Yes, they also send me offers on my new address... )

    1. JohnG Silver badge

      Re: Even worse; trying to change email...

      One way to fix that is to forward all emails to the old address from that organisation to their abuse address. I find they stop when they tire of abusing themselves.

    2. Gerhard Mack

      Re: Even worse; trying to change email...

      I try to unsubscribe once if I know it is a store I signed up with and if that fails their IP gets moved to my mail server's black list with an SMTP error message explaining exactly why I added the block.

      Life is so much less annoying that way.

  4. Martin 15

    Disposable and it's firefox plugin does it for me.


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019