One of my email addresses has just received the following spam:


We recently have determined that different computers have logged onto your PayPal account,
and multiple password failures were present before the logins. We now need you to re-confirm
your account information to us. If this is not completed by March 10, 2009, we will be forced to
suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank
you for your cooperation in this manner. To confirm your Account records click on the following link:


http://www.paypal.com.webscr.login.using.ssl.dll22kp.com: 8085/service/<snip>?cmd=_login-submit

Thank you for your patience in this matter.
PayPal Customer Service.
Please do not reply to this e-mail as this is only a notification.
Mail sent to this address cannot be answered.

1999-2009 PayPal. All rights reserved.

This is obviously a scam, but what I'd like to know is how the spammer received an email address which is known only to dcresource.com?

Prog.

I just got that too. Didn't connect it with DCRP though. I sent a copy to paypal & am awaiting a response.

Nah... Worst that can happen here is somebody gets an account and then uses it to send spam via DCResource. That's happened a few times in the past.

I'm certainly not selling anybody's e-mail addresses. Is your address viewable in your forum profile? It's possible that they harvested addresses that way.

No address viewable as far as I know Jeff. I take that back yes it is viewable so it could be that. Hopefully it's as Rhys said & no harm's been done.

I'm certainly not selling anybody's e-mail addresses. Is your address viewable in your forum profile? It's possible that they harvested addresses that way.

My email address isn't showing in my profile as far as I can see.

Moreover, the compromised address is the one I used for registering to the newsletter (dcresourcenewsletter@domain1), while the one I use for forum notifications is a different address (myusername@domain2).

Prog.

Spammers always find a way to get email addresses. A legitimate site doesn't have to sell it to them.

The way I see it, there are two possible explanations:

(1) The unlikely - my mail was sold by dcresource to spammers. Jeff said they don't do this and I believe him. I just wanted to ask to be sure.
(2) The more likely - the database holding my email address was compromised. This is still a serious issue, one which I think warrants security measures to be improved.

Prog.

The way I see it, there are two possible explanations:

(1) The unlikely - my mail was sold by dcresource to spammers. Jeff said they don't do this and I believe him. I just wanted to ask to be sure.
(2) The more likely - the database holding my email address was compromised. This is still a serious issue, one which I think warrants security measures to be improved.

Prog.
If that database has been hacked, that's news to me. The vBulletin people are very good at catching security leaks, and I keep the forum running on the latest versions of the software.

Just to make it absolutely clear: I do not sell anyone's information.

i'm surprised you can draw a link to any site or action at all. i have 3 email addy's and all of them filled with spam almost immediately and have continued to do so no matter what i do. as don suggested, these guys arent part timers, they are career spammers. they work out ways to grab this stuff.

i'm surprised you can draw a link to any site or action at all.

It's actually quite simple. The email address that received the spam is in the format dcresourcenewsletter@domain, and I've only used it for registering with this site's newsletter.

Prog.

The address may have been harvested through some form of hack on the @domain mail server.
Another possibility is that somewhere along the line you have forwarded a newsletter to a third party who has in turn been hacked.
Once a email address is hacked it passes like wildfire through the spam community so expect a rapid increase in the number of spam emails in your inbox. I just cleared 56 out of one of my addresses (all received in about the last 12 hours), there was only one legit message.

I have an email address dedicated to PayPal and it gets spammed regularly. Does that mean PayPal is unsecured? No, it doesn't. It means spammers are good at what they do.

If you have the word "Paypal" as your username then it's clear why your address is spammed. It's a very common word, and spammers just guess (http://everything2.com/index.pl?node_id=1022639) it:

http://www.google.com/search?&q=Paypal --> 435,000,000 results
http://www.google.com/search?hl=en&q=dcresourcenewsletter --> 0 results outside this thread

Prog.

It's not "paypal"

Does a search for this word in Google return 0 results?

Prog.

Any email address that's registered anywhere on the WWW can and will be spammed at some stage.

Simple, irrefutable logic. There's absolutely no point in suggesting that it's somehow a result of Jeff's site security (or perceived lack thereof) and/or or his server(s). This was — and is — a pointless thread, from post 1, and may as well be locked.

Cheers.

I just cleared 56 out of one of my addresses (all received in about the last 12 hours), there was only one legit message.

yeah, i have a similar problem, its out of control. and i dont even go to the porn sites you go to.

Any email address that's registered anywhere on the WWW can and will be spammed at some stage.

Wrong. I get zero spam to other email addresses have the same domain as my dcresourcenewsletter address. In fact, the latter is a newer address and one that's less active, yet it still received spam. Now, since you profess to be an expert about spam, can you comment on the possible technical reasons for the difference?

Prog.

Now, since you profess to be an expert about spam, can you comment on the possible technical reasons for the difference?

Yes. Luck.

Yes. Luck.

Luck had nothing to do with it. There's no way a spammer could be lucky enough to guess an email address starting with "dcresourcenewsletter" (a word that hasn't appeared anywhere else on the web).

Prog.

8 of your 15 posts is in this thread. Could you like, oh I dunno...let it go? Once upon a time, Jeff didn't sell your email address. The End.