Identity Theft and Email
You've not heard anything from me since June 12. It's not the result of my taking time off but having to deal with a problem that may strike you one day.
The cause is identity theft. You see it on newscasts, read about it in a variety of publications. You may even know someone who has had their ID stolen and used for nefarious means (like draining a bank account or running up credit card debt).
"There is nothing you can do to protect yourself. It's like hitting the "Oh God, no!" lottery."
There's another type of identity theft that's never mentioned, though. Like it says on the Audio Graphics page (explaining what AG has accomplished in data management
), "This web site is built as a growing base of information. We're here to explore and report." Today, I'm reporting on email address identity theft!
You may not think this is a big deal, having your email address lifted. But you also may not understand how the email system works and what harm millions of spam messages can do. That's where I've been these past five days, cleaning up a mess that's still not fully resolved.
Imagine having your name attached to spam, huge amounts of it, for everything from "premenstrual syndrome" to "lower cholesterol," "inmpotenze" (yes, that's how someone spelled it to get through the spam filters), and dozens of other maladies and sales pitches which you have no control over. Welcome to my world of late.
It's not just receiving over 15,000 bounced emails in one day in my personal email box that had me busy. Once your email address is associated with an attack like this, various spam cop companies start blocking your name, company name, and IP address. You're placed on "do not accept" lists, which are rented by companies for good reason; they are trying to keep spam to a minimum.
On any given day, Audio Graphics' email server blocks approximately 94% of all incoming email - we're talking hundreds of thousands of spam messages from around the globe. In a morning there may be an additional 300-500 new senders that have to be traced and added to this block list. Software helps, but maintenance time is still required.
The identity theft of "email@example.com" which started last Thursday afternoon was like opening the spillway gates to the Hoover Dam. One moment all is fine. Literally, one minute later I'm collecting 1,500 bounced emails each time I click on "get mail." An hour later my name, company, and IP address begin showing up on a number of spam cop lists.
A spammer doesn't care about infrastructure overload, whether an email is delivered or not, or if you object to receiving this garbage.
Harvesting names is only one side of how this email address theft happens. The other is software that's written using this logic: It sends one email to "firstname.lastname@example.org." The next goes to "email@example.com," then to "firstname.lastname@example.org, "d", "e," etc. - until it goes through the twenty-six letters. Then it starts with "email@example.com," "firstname.lastname@example.org," "email@example.com," so on, and so on - until every combination of letters you can imagine has been covered - for as long a string of letters as the spammer wishes to try. The objective is to hope they hit a combination of letters that exists at the AudioGraphics.com domain. A million combinations sent may result in 5 emails getting through. The rest bounce back as "Undeliverable."
Now, magnify this by 10,000; that's easily the number of companies and persons whose email addresses are stolen each day.
Cleanup is difficult. In this case, it means: 1) changing my registration access email address at approximately 150 web sites (deleting my main email address and establishing another at each); 2) notifying everyone who has me listed under the contaminated address of the change (many are unable to receive this notice of change because I'm blacklisted); and 3) changing all references at Audio Graphics' web sites for the contaminated address.
There is nothing you can do to protect yourself. It's like hitting the "Oh God, no!" lottery.
If your name is harvested, and the spammer identifies it as a working email, the spammer then attaches that address to its barrage of emails. Because the system works on a ping-back that verifies (resolves) the sending address as "working," once that occurs the spillways open.
Within a week or two I'll have done the following: changed address, changed my hundred-plus web site access names and email security codes (like my registration at AdAge.com), rewritten tens of thousands of pages that contain the tainted "firstname.lastname@example.org" contact address across Audio Graphics' multiple web sites, and notified friends and peers on my mailing lists by using a new address.
The next step is to cross my fingers. Email identity theft is one of those things you never consider happening to you until you've seen 2,000+ bounced messages when checking your email. Here's hoping your luck is better than mine. This is one lottery you don't want to win.
Today's indie introduction is to...
When an artist has the power to please they should be given a chance to be heard.
Give Kimmie Horne's "Sleepless Nights" a listen
Add it to your playlist, free!