Customer getting Spam email from Vonage-only address

Posts: 3 · New Forum Member Joined: Dec 12, 2006 Posts: 3

NateHoy,
FYI the headers were... [ with my domain replaced with yyy or I'll be posting my own email addresses Sad

]

Return-Path: <Affiliate155@seomasterhub.com>
Delivered-To: john@yyy.user
Received: (qmail 12791 invoked by uid 504); 11 Dec 2006 21:52:50 -0000
Delivered-To: vonagespam@yyy.com
Received: (qmail 174 invoked by uid 504); 11 Dec 2006 21:52:50 -0000
Received: from unknown (HELO seomasterhub.com) (72.4.175.199)
by <mail server at yyy.com> with SMTP; 11 Dec 2006 21:52:50 -0000
Message-ID: <1140CBFE.629FE520@seomasterhub.com>
Date: Mon, 11 Dec 2006 20:43:36 -0200
Reply-To: "Michael Matson 10joy-love" <Affiliate155@seomasterhub.com>
From: "Michael Matson 54joy-love" <Affiliate155@seomasterhub.com>
MIME-Version: 1.0
To: <vonagespam@yyy.com>
Subject: I'll send you mini course on credit repair - 22tks73
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

.... content includes...

My name is Michael Matson
....
Check it out: http://www31.seomasterhub.com

There is absolutely zero risk, and it's packed with insider knowlege to make your credit score sing.

Again here is the link: http://www75.seomasterhub.com
...

The other email was also from
Received: from unknown (HELO seomasterhub.com) (72.4.175.199)

Posts: 3 · New Forum Member Joined: Dec 12, 2006 Posts: 3

Regarding the likelihood that Vonage is at fault (hacked or sold) versus some other cause of this leaked email address I am closer to gjb's "definite" conclusion than Natehoy's "maybe/maybe not" or trekologer's "random email address" theory.

If I had to bet on it I'd say I'm about 95% sure it's Vonage that has been hacked or has sold me out.

Why?...

Trekologer: I also have a "wild card trap" for all email addresses at this domain, and see a lot of random generated names... none of it comes close to randomly generating "VonageSpam@yyy.com"

NateHoy: I have given out a unique email address to maybe 50 to 100 corporations/web sites/etc. Only two have been used for spam - one was an obscure BBS for Dazzle brand video hardware 7 years ago - which looked like it was run on someone's PC Wink

the other was Vonage.

If the leak came from...
a) My PC,
b) My ISP, or somewhere higher on the backbone,
c) My incoming mail server,
then why was VonageSpam@yyy.com the only address stolen?

NateHoy wrote: "If you have that email forwarded to any one of a number of free email services, then the email address is sitting on their servers as well."
But I am not using any "free" e-mail addresses. As I noted I have never cc.ed, sent to, mentioned that email unique address, except to Vonage. (Until today).

NateHoy wrote: "And, of course, all email passes through the Internet in open, unencrypted form, and is forwarded through many servers along the way. A simple pull of the logs from a server could harvest a good number of SMTP headers."

The email from Vonage to me only passes through two servers - Vonage outgoing email and my yyy.com incoming mail server. However it does pass through 20 or so routers getting to me. Yes, in theory, they could be compromised.

Another theory is that the Linksys firewall/router I bought from radioshack was a "returned item" that a previous user had installed some firmware patches into - to skim email addresses - but that's a very small part of the 5% chance that this is not Vonage's fault.

Also, the Colts will win the SuperBowl.
I'm 95% sure of it Smile