2642 Views 7 Replies Latest reply: Feb 19, 2009 8:45 AM by Kurt Lang
It only takes one person that you've used the email for to share the information. Though it's highly unlikely Apple did any such thing on purpose. Someone also may have hacked into the support servers in Ireland and pulled a bunch of email account names.
Other than that, you could easily just be the target of a brute force mailing. A spammer finds out the name of a domain (such as apple.com) and then starts a blind mailing of millions of emails starting with firstname.lastname@example.org, email@example.com, and so on, incrementing out as many places as they want to try. They don't care how many bounce back as undeliverable. The ones that don't also tell them which ones are real and so gets those names on a list to get more junk.
you could easily just be the target of a brute force mailing
Yes, having my own domain, I thought of that possibility, too.
That's why I wanted to check here if someone else has experienced a similar issue with their Apple ID or if it's just a coincidence.
By the way, I used to have a "catch-all" mailbox, but my hosting provider disabled that function few years ago exactly because of such spam attacks. Hence I had to enable about 150 forwarding addresses afterwards, because I have always used a dedicated address for each site or software I registered...
On the other hand, my other "login addresses" remain unspammed so far, with the exception of a macupdate.com registration few years ago which must have leaked apparently. (To be fair though, my subsequent registration at macupdate.com is still "safe" after three years, so it doesn't seem to be a general privacy issue with them.)
I used to have a "catch-all" mailbox, but my hosting provider disabled that function few years ago exactly because of such spam attacks.
Yes, you definitely don't want the catch-all set to "Save". They should always "Bounce", which is probably what your ISP did for you. Otherwise email that doesn't even have an existing name gets dumped into your real mail box.
Not the ISP, but my hosting provider.
They actually removed the "catch-all" option from the mail server backline altogether while they were redesigning the admin control panel. In fact, I was even one of their volunteer beta testers then, so at first I loudly protested after I have noticed that they did... But additionally they claimed that most of their customers supposedly never used it anyway. Hard to imagine when they advertise they are serving over 100,000 domain names, but what can a lone customer do...
Anyway, later I have accepted that it was probably a wise decision, given the upcoming amount of such attacks.
Message was edited by: Lukas (corrected a wrong expression)
Not the ISP, but my hosting provider.
Oh! Yes, my hosting provider does that too, though I can still change the catch-all setting if I want to. I don't know why anyone would want it on anything but bounce anyway. What your provider probably did was remove the ability for anyone to change the setting from anything but bounce.
I don't know why anyone would want it on anything but bounce anyway.
Well, it was fun while it lasted. I could simply tell my clients to email me at firstname.lastname@example.org. But yes, after the spammers found out that even sdjfbcrzsadned@my_domain.com doesn't get bounced, that's where the big trouble with catch-all starts.
Anyway, I have argumented that if none of their customers ever uses catch-all anyway, it wouldn't hurt them much if they would leave the option available for those few who might make good use of it. For instance if you have a domain without actually running a corresponding public web site, making it harder for the spammers to guess if such a domain exists in the first place.
But as I said above, what can a lone customer do...
what can a lone customer do...
Ah, I forgot about that. That's likely what happened, though not intentionally by a client.
If any of your clients use Windows, then there's a possibility that at some point, they received a virus that emailed itself back out, using one of the names in that person's address book. At one time, a virus must have randomly chosen your address and it got sent out that way as the spoofed sender.
There's various other ways it can happen, but in short, it's extremely difficult to keep a valid address hidden forever.