October 11th I signed up on www.mynortonaccount.com. October 15th and 17th I received a spam email on the same address I used to sign up on mynortonaccount. Is this a coincidence? I don't know, but I have never received spam before. I have had this email address for 8 years and never received spam email before. Few knows about this email address because I always tried to keep it secret. And within 1 week after letting Symantec know my email address, I start to receive spam. I believe Symantec have either sold or given away my address, but I can not prove anything.

October 11th I signed up on www.mynortonaccount.com. October 15th and 17th I received a spam email on the same address I used to sign up on mynortonaccount. Is this a coincidence? I don't know, but I have never received spam before. I have had this email address for 8 years and never received spam email before. Few knows about this email address because I always tried to keep it secret. And within 1 week after letting Symantec know my email address, I start to receive spam. I believe Symantec have either sold or given away my address, but I can not prove anything.

You can check Symantec's Privacy Policy at the bottom of any Symantec web page including this one to see how they manage your personal information. I think you will find that Symantec keeps tight controls on information that you provide.

Any email account can be the target of spam at any given time due to spam generators which churn out thousands of random email address combinations in the hope of finding one legitimate address.

I have never had any issues with spam attributed to submitting information to Symantec.

Unless the content of the email you received is related to Symantec, it is probably coincidental that you received spam.

Hi! No_Toolbar,

I have never had any problems with the information I have provided Symantec ever getting out.  As was mentioned Symantec keeps a very tight lid on this information.  I have however, heard from several local businesses and the local college that some malware can produce spam especially quick if it infects a server that lists all e-mail addresses for a particular domain.  I have never sought to prove or disprove this information; but our local law enforcement has mentioned it happening before.

---

No_Toolbar wrote:

October 11th I signed up on www.mynortonaccount.com. October 15th and 17th I received a spam email on the same address I used to sign up on mynortonaccount. Is this a coincidence? I don't know, but I have never received spam before. I have had this email address for 8 years and never received spam email before. Few knows about this email address because I always tried to keep it secret. And within 1 week after letting Symantec know my email address, I start to receive spam. I believe Symantec have either sold or given away my address, but I can not prove anything.

 

 

---

I have a way of testing this in general.  I manage a client's website at which I have an unlimited number of addresses.  When I want to test a company, I will register as somespecialname@thisclientssite.com and then see if I get any spam to that address.  While I haven't tried this with mynortonaccount site in general, I did do this a number of times with the Norton beta account site.  None of those email aliases received any spam -- in fact, none of them have received any email at all beyond the initial response from Symantec.

So, without any other evidence, I would have to guess that this is a coincidence.  If you reply to the spam, you will definitely be added to their client list, so don't do anything.  Then see if the spam escalates.

Hi

A safe practice with spam if you get any is to just delete it without opening it up. You can look at the header from it if you use something like Outlook Express without opening up the email. All you have to do is click on properties and see the complete address from where it is coming. If you click on details then, you see the whole header information without opening up the email itself. I don't know if you can do that with a web based email program.

---

No_Toolbar wrote:

October 11th I signed up on www.mynortonaccount.com. October 15th and 17th I received a spam email on the same address I used to sign up on mynortonaccount. Is this a coincidence? I don't know, but I have never received spam before. I have had this email address for 8 years and never received spam email before. Few knows about this email address because I always tried to keep it secret. And within 1 week after letting Symantec know my email address, I start to receive spam. I believe Symantec have either sold or given away my address, but I can not prove anything.

 

 

---

Complete coincidence I would say.

Maybe your spamfilters missed one? I've never had an email account that I don't recieve spam on after a few weeks of it being active, but my greylisting and spamassassin kills 99.9% of it.

---

mo wrote:

What was the spam about? could you try and work back from any where you have been on the internet recently to what the spam is about.

 

---

Where I have been? Just at the normal places, and they can't sniff my email address just by visiting their web site. Apart from web forums, it is news sites I visit.

I am using Outlook Express. It could be a coincidence that I received the spam now. Apart from Symantec and my family, BirthdayAlarm.com knows my address, but they have had my address for a long time without causing spam. Maybe they suddenly turned evil? Or maybe one of my contacs got a virus, stealing my address from their address book?

I think it's strange that both the spam messages are only 1 kilobyte each. When I send an empty email to myself, it is 2 kilobytes!

I did not open the emails, but when looking at their properties I get this information:

Email 1:

Return-Path: <>
Received: from adsl-8-88-248. (adsl-8-88-248. [65.8.88.248])
   by mail30.nsc.no (8.14.3/8.14.3) with SMTP id n9FBUlc8021259
   for ; Thu, 15 Oct 2009 13:30:51 +0200 (MEST)
Received: from xwlau ([86.144.201.212]) by adsl-8-88-248. with Microsoft SMTPSVC(5.0.2195.6713); Thu, 15 Oct 2009 06:04:29 -0500
Message-ID: <20091015060429.5040803 >
Date: Thu, 15 Oct 2009 06:04:29 -0500
From: "Virginia Kendrick" <>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: *********** [ a t ] online.no
Subject: Learn how to prolonge your pleasure in bed.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Xxroufqwki: sw=gld ver=1.2 d=1h19m tld=net st=win
X-XClient-IP-Addr: 65.8.88.248

Feel the pride of being her lover. 
 

Email 2:

Return-Path: <>
Received: from gout.southflorida.edu ([67.238.66.12])
   by mail32.nsc.no (8.14.3/8.14.3) with SMTP id n9HL9EDk016627
   for <*********** >; Sat, 17 Oct 2009 23:09:18 +0200 (MEST)
Received: from synjs ([182.181.91.97])
   by  (8.13.2/8.13.2) with SMTP id 200910171452004284;
   Sat, 17 Oct 2009 14:52:57 -0500
Message-ID: <001401ca4f5a$f1953960$b6b55b61 [ a t ] B92014ECsynjs>
From: ">
To: <*********** [ a t ] online.no>
Subject: Your problems will be vanished as well as your weight.
Date: Sat, 17 Oct 2009 14:52:15 -0500
MIME-Version: 1.0
Content-Type: text/plain;
   format=flowed;
   charset="windows-1252";
   reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Xxroufqwki: sw=gld ver=1.2 d=2h16m st=win
X-XClient-IP-Addr: 67.238.66.12

Show your true power

I edited out my own email address. I don't think my IP is anywhere in the above text, but if anything there can possibly reveal my computer's identity, please notify me.

No Tool,

I doubt that spammers got your e-mail address from Symantec. Nonetheless, if you want more protection, consider using disposable e-mail addresses. One of the best services is Spamex. For a very modest annual fee, you'll be able to use up to 500 disposable addresses. Use a unique address for each website where you register, etc. If you start getting spam, you'll be able narrow the source and, most importantly, you can easily pull the plug. Just delete that address. Your primary address remains safe and secure.

---

mijcar wrote:

 

I have a way of testing this in general. I manage a client's website at which I have an unlimited number of addresses. When I want to test a company, I will register as somespecialname@thisclientssite.com and then see if I get any spam to that address.

 

---

I also use different ways to test companies. I have alot of Hotmail and Yahoo email accounts, it makes it easier to know who sold my address if I receive spam.

And one more tip for you: I also make up different middle names, and sometimes I use only the initial of a middle name. And I keep track of which middle name (or initial) I use with different companies. A company only have to know my real first name and my real last name. The middle names I use for testing them.

---

 

metalhead82 wrote:

 

Complete coincidence I would say.

 

Maybe your spamfilters missed one? I've never had an email account that I don't recieve spam on after a few weeks of it being active, but my greylisting and spamassassin kills 99.9% of it.

 

---

The only accounts that receive spam is a couple of my Hotmail accounts. I'm using special address names to make it unlikely that a bot can randomly generate an address that matches one of my addresses.

And as for my ISP address, I have only received these two spam messages in 8 years. I am using Norton Anti-Spam, but I will know if it catches spam because it goes into the spam-folder. The spam-folder have never ever received any messages. (These two spam mails got into my inbox.)

---

Brubaker wrote:

No Tool,

 

I doubt that spammers got your e-mail address from Symantec. Nonetheless, if you want more protection, consider using disposable e-mail addresses. One of the best services is Spamex. For a very modest annual fee, you'll be able to use up to 500 disposable addresses. Use a unique address for each website where you register, etc. If you start getting spam, you'll be able narrow the source and, most importantly, you can easily pull the plug. Just delete that address. Your primary address remains safe and secure.

---

Yeah I realise that it's unlikely that Symantec did it. I wish I had received the spam a few days before I signed up, not after.

I don't know if it's the same, but I can make "disposable" ISP addresses. I've made one. When I open Outlook Express, I have to go into one of the menues and change identity when I want to check if the other address have received something. I'm not sure if I can make unlimited number of addresses (probably not). I don't pay extra for this.

I have a great number of Hotmail/Yahoo addresses, in a way most of these are disposable. And it's free.

Hi! No_Toolbar,

Please read the following article: http://voices.washingtonpost.com/securityfix/2009/10/trove_of_hotmail_passwords_pos.html .  It has inherited a pop-up since I read myself; but if you have your browser's pop-up blocker turned on it does not show up.  Remeber all it takes is for one account to be compromised and all accounts within that e-mail service domain can be as well.  The possibility is remote but it is still there. If an account gets compromised contact the service provider to have it terminated.  Someone could be doing things with your compromised account that you would not like.

Although a lot of advertising is the result of sold email lists, most genuine spam is probably not.  Spam is spam is spam.  People don't get rich off of spam and the people stupid enough to respond to spam are not the kind of people intelligent enough to purchase security systems, use products like Quicken, etc.  For a spammer to invest the kind of money necessary to buy a high-end mailing list would be the height of stupidity.

So where then do these spammers get their mailing lists?

1.  From people who register at "free" sites such as porn sites, various fly-by-night sites catering to various "special" interests that range from slightly akilter to totally off the map.  People who visit these "extreme" sites are much more likely to be succeptible to the blandishments of email offers that would raises the hairs of most totally sane people.  So the next time you visit a site that offers a cure for back pains and the cure is based on your astrological chart and various crystal auras determined by your birthdate, you can be almost certain that all that data will be funnelled to a number of spammers who will immediately add you to their target list.

2.  Related to 1 above is joining or posting at various forums for the kinds of activities mentioned in 1.  If any data related to you is available through the forum posts, there is probably someone harvesting that information to pass on to spammers or use for their own spam.

3.  Of greater technical difficulty, but not that difficult, are email address harvesters - computer apps that essentially wander the internet and collect random addresses as they come to them.  These addresses are great if you don't care who you're spamming, but they require servers or equipment capable of storing millions of items and directing email at them.  Since the addresses usually come without any user data (first name, last name, age, etc), the spam can't really be personalized so it is pretty obvious that it is spam.  Still, done right, with good images from Wells Fargo, it can appear valid to anyone who actually has a Wells Fargo account; so it can pay off to the spammer.

4.  And then there is the name generator.  Write a piece of software (it can be done in less than half an hour) that creates random sequential names (aaaaa@aol.com, aaaab@aol.com, aaaac@aol.com, etc) and send them off with a link in the body of the email that the user is supposed to click if he or she doesn't want any more email.  Of course, anyone who clicks the link validates that the email address is a working one with an active user; and the name ends up on a working email list.   Assuming the spammer cares, they can also delete any addresses rejected by MAILER-DAEMON.  Not to do so would result in the spammer getting spammed by return email (although they can simply use their own filters to block such email).

5.  Not quite finally, you can be sure that spam lists are shared between some spammers who don't see each other as competitors.  This accounts for the rapid escalation in spam that a lot of us experience.  Once an address is established as valid (at least to the extent that it doesn't get bounced back by MAILER-DAEMON, then it takes on its own life.

6.  And, as Flop mentions in the post that follows, there is also the danger of hackers getting addresses from legitimate businesses (shows I can't think of everything).

So that's it in a nutshell.  As it has so often been put:  SPAM HAPPENS!

I can tell you for a fact that I doubt it is norton/symantec that leaked your address.

Like someone else here in this thread I have access to unlimited email addressed in my own domain.   Whenever I need an email address for a site I create a new one that silently re-directs to my regular email box.  I can tell which address the message was sent "To" but the sender never knows my real email address.

When I registered at mynortonaccount.com I used and email address that looked something like norton@mydomainname.[org/net/com].. I have never received one piece of unsolitiated email that was sent to that email address.

---

No_Toolbar wrote:

I don't know if it's the same, but I can make "disposable" ISP addresses. I've made one. When I open Outlook Express, I have to go into one of the menues and change identity when I want to check if the other address have received something. I'm not sure if I can make unlimited number of addresses (probably not). I don't pay extra for this.

 

I have a great number of Hotmail/Yahoo addresses, in a way most of these are disposable. And it's free.

 

---

Actually, no, it's not the same. Once you've created a Spamex disposable address, any mail sent to that address is automatically forwarded to your primary address. In your case, that means that it shows up in your Outlook Express inbox. No additional action is required. If you reply to an e-mail, it returns via the same protected route. The recipient only sees your disposable address (the same one you provided to them).

Granted, there is a fee, but $9.95 per year is an absolute bargain for the service provided. This isn't the place to go into particulars. If you're interested, take a look at their website, and there's a somewhat dated but still valid review at PC Magazine.  

Just a thought.

Hi Tool

Remember all the hotmail,live.yahoo and all the other accts that got compromised. They said that was done by spammers also. It could have very well come from one of those.

---

Tech83 wrote:

Hi! No_Toolbar,

 

Please read the following article: http://voices.washingtonpost.com/securityfix/2009/10/trove_of_hotmail_passwords_pos.html .  It has inherited a pop-up since I read myself; but if you have your browser's pop-up blocker turned on it does not show up.  Remeber all it takes is for one account to be compromised and all accounts within that e-mail service domain can be as well.  The possibility is remote but it is still there. If an account gets compromised contact the service provider to have it terminated.  Someone could be doing things with your compromised account that you would not like.

---

Well, thank you.

I'll quote a part of the article here:

---

If you use Microsoft's free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend.
 
In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme. 
 

---

 

In simplified English, what are they saying?

I don't think I have been the victim of phising. My Hotmail accounts are safe?

---

floplot wrote:

Hi Tool

 

Remember all the hotmail,live.yahoo and all the other accts that got compromised. They said that was done by spammers also. It could have very well come from one of those.

---

No I don't think so. It was my ISP email address that received spam, not any of my webmail accounts.  :)   If they did not hack my ISP too... but I doubt they would care about a small country ISP. If they were to hack someone, why not hack something big, like America Online.

No_Toolbar,

Get Mailwasher Pro from Firetrust and delete the SPAM messages right off the server without them ever getting to your email inbox. Opening the emails or even having them downloaded off the server is sometimes all the spammers need to know that the address is a good one. I have been using it for years and have cut my SPAM ot almost NIL.

Hi Tool

Your ip shows up in headers of emails. It's easy to look up an ip and see what block of ip's that came from and then see the isp who provides that block. I don't know the sites to do that, but I do know it can be done. If you are on a router, I think it makes it harder, but I think it could be done. Unfortunately, there are ways people can send out spam and find addresses. I think a lot of the spammers just pick random numbers and end up with some legit ones too. There are times I feel like even when I send out an email to a friend and I mention some things in the email,  I seem to get spam about that topic. I sometimes feel like that my emails are read along the way to the recipient.