Curious: Three Spam-Free Addresses that Shouldn't Exist
By Ken Magill
Conventional wisdom has it that sooner or later spam will hit an email address no matter how careful the address's owner is. I may have evidence that conventional wisdom is wrong.
For conventional wisdom, take the following blurb from About.com as an example: “All it takes to get on the mailing lists used by spammers is an email address. There is no need to sign up for anything or ask for emails. The spam just starts coming, out of nowhere, apparently without any plan, and without a reason. It invades email addresses that are never used.”
The article then goes on to explain—among other spamming tactics—dictionary attacks where spammers combine common domain names with random names and combinations of letters hoping to get a hit.
But consider this: As some readers may remember, in March of 2012 I set up three dummy accounts, one at Hotmail, one at Gmail and one at Yahoo, and signed them up for 30, 20 and 20 email lists, respectively.
The brands were a random mix of top retailers, non-top retailers, media, and liberal and conservative political lists.
With the exception of four brands that sent confirmation massages that required a response, I have not clicked on any of the messages received since I set up the accounts.
I began the experiment to see if mailers hitting a single, utterly disengaged email address would start getting shoved off into the spam folder. Some folks I respect informed me email reputation doesn’t work that way—that one disengaged address would simply register as a minuscule negative blip in the sender’s overall reputation with ISPs.
So be it.
However, in checking all three addresses yesterday, I found that just three brands were getting sent to the address’s spam folders, two at Hotmail—or Outlook as it’s called now—and one at Yahoo. No brand messages were in the Gmail spam folder. In fact, Gmail doesn’t even show a spam folder for that account.
Most interestingly, though, is that none of the accounts has any actual spam in their spam folders. No Nigerian 419 emails, no Viagra pitches, no porn, nothing.
The only messages appearing in these accounts are from senders to whom I supplied the addresses.
According to conventional wisdom, this should not be possible. The addresses are BobSimon647_at_the three providers. One would think BobSimon647 would be an easy target for a dictionary attack.
Maybe the ISPs have figured out how to prevent dictionary attacks.
One conclusion I think we can draw is that major brands are not sharing email addresses and major email service providers’ security is not as leaky as some would have us believe.
Out of signing up for 70 brands, not one subscription resulted in any of the three addresses getting into the hands of spammers.
This to me says consumer behavior is largely responsible for how much spam individuals get.
I would very much like to hear from some experts on this.