Page 1 of 1

Spamgourmet addresses highjacked by spammers

PostPosted: Fri Jul 18, 2008 4:04 pm
by klever
I just noticed an onslaught of spam emails coming from spamgourmet email addresses I did not create but look like mine. Sure enough, I looked in my account found 14 new addresses that were created almost simultaneously. If I disable the watchword that all of these addresses use, I assume this will prevent that watchword from being used again. My question is, does it disable any legitimate spamgourmet addresses containing that watchword?

PostPosted: Sat Jul 19, 2008 5:03 pm
by vellire
The same thing happened to me - I had 18 disposables created almost simultaneously yesterday.

PostPosted: Fri Jul 25, 2008 2:42 am
by kevins10
This has been happening since at least April, Spammers obviously are becoming more and more aware of Spam Gourmet. Why they're doing this isn't so clear, as it doesn't really help them any. It may just be out of spite.

Existing addresses stay good even if the watchword is changed, you might have to manually set some of the spammer-created addresses to 0 remaining to avoid further spam through them due to this. (When this happened to me they only used each address once resulting in one back-scatter spam coming through, they haven't used any of them since according to the sent/eaten counts.)

What I'm doing now was suggested by someone else on here. I forget which thread now, but set up a watchword (or two) that are unlikely to be guessed, then just login and create an address manually when you need one. You can do that from the the link for sending an E-mail from one of your disposable addresses, just put in an address of your own as the address to send to, fill out the other info, and it'll create the address.

PostPosted: Sat Jul 26, 2008 9:25 pm
by SysKoll
Unfortunately, there is very little we can do about that problem. Addresses that have been created with the correct watchword must be zeroed manually.

Someone suggested to have a button for zeroing and hiding an address in the same operation. I'll be looking into that.

PostPosted: Tue Aug 12, 2008 7:44 pm
by sg-since03
What I'm doing now was suggested by someone else on here. <etc>

That would be me...

Your summary covers it. FYI, my suggestion and the discussions that led up to it is/are here:
http://bbs.spamgourmet.com/viewtopic.ph ... ight=#5190
http://bbs.spamgourmet.com/viewtopic.ph ... ight=#5196.

PS re:
You can do that from the the link for sending an E-mail from one of your disposable addresses, just put in an address of your own as the address to send to

If all you want to do is create an address, you can put anything with an "@" sign in the "send to" field. "a"@"b" .com, say; anything you can type quickly! :wink:

PostPosted: Tue Aug 12, 2008 8:25 pm
by sg-since03
Someone suggested to have a button for zeroing and hiding an address in the same operation. I'll be looking into that.

Nice idea; perhaps you could implement it together with mine, posted in the "Updating multiple 'remaining' count easily" thread:

"Please Josh & Syskoll, add an editing interface to the address list display. You could set it "Off" by default, similar to 'Show Hidden Addresses.'"

poor coding

PostPosted: Mon Aug 25, 2008 4:18 am
by Jim27106
Why they're doing this isn't so clear, as it doesn't really help them any. It may just be out of spite.


I suspect spammers aren't the best coders in the world. I've seen things come through with hex codes on them that looked like programming errors.

I've seen truncated addresses. One was "es-2005.sort-job.xxx@ dfgh.net" which I thought was Employment Security commission. Turns out it was the tail end of "littles-2005.sort-job.xxx@ dfgh.net" which had been on a discussion board or something like that.

PostPosted: Mon May 07, 2012 11:32 am
by Andy_
Hi,

I can't understand how spammers can create disposable addresses in our accounts. Surely, they must be able to login before they can create an address!

Can someone explain?

Thanks

Variant issue

PostPosted: Mon Jun 04, 2012 7:01 pm
by dl97
Andy, addresses are auto-created the 1st time they receive an email, so anyone (spammer or you) can create addresses once the base/acct name is known.

Wanted to add a recent variant of this issue: Since 5/18 I've gotten spam at new addresses about once a week where they removed the 1st letter from existing addresses each time. e.g. my addy = fractalsedge ; new/spam addy = ractalsedge. Or mine = usconcealedcarry ; new/spam = sconcealedcarry

4 new addresses have been created via these means so far (I zero out the new addy as soon as they arrive). Anyone else experiencing this?

Re: Variant issue

PostPosted: Tue Jun 12, 2012 5:56 am
by ZZ1
dl97 wrote:Andy, addresses are auto-created the 1st time they receive an email, so anyone (spammer or you) can create addresses once the base/acct name is known.

Wanted to add a recent variant of this issue: Since 5/18 I've gotten spam at new addresses about once a week where they removed the 1st letter from existing addresses each time. e.g. my addy = fractalsedge ; new/spam addy = ractalsedge. Or mine = usconcealedcarry ; new/spam = sconcealedcarry

4 new addresses have been created via these means so far (I zero out the new addy as soon as they arrive). Anyone else experiencing this?


I have this too. This way they are trying to have watchword intact in case if one is setup.
I myself would actually like an option to disable creation of new emails by user. I have been with spamgourmet for over 10 years now and i only created ~40 emails to handle my spam. What i get used to do now is temporary reopening old emails when needed.
Takes more time, sure but email database is easier to handle also

Re: Spamgourmet addresses highjacked by spammers

PostPosted: Mon Apr 02, 2018 11:28 am
by leishirsute
Surely, it seems that spamgourmet could have some overriding switch to allow new email address creation or not.
That way we can create the addresses we want and turn off future email address creation that anyone appears to be able to create.
Watchword is an attempt but not foolproof. A setting to just stop new email address creation would be reassuring.

Re: Spamgourmet addresses highjacked by spammers

PostPosted: Sun Apr 08, 2018 5:07 pm
by josh
if you put in a sole watchword like 8fe9qfjeofqewoqjfiodjaf8djq or something, that would effectively stop address creation