I like to use email aliases for every online subscription and registration I have to fill out. I like this because it allows me to recognise if companies are going to spam me or not. I also make sure that any checkbox for extra mails that is checked will be unchecked. Unfortunately, not all companies care about that.
One of them is Adobe, well-known from it’s PFD reader but I also happen to use Adobe Lightroom, which requires an online registration. Which I had to fill in, else I would not be able to use the software properly. Okay, so I did. And I used an alias.
Today, I received an unreadable email because the images inside are blocked by my mail reader. They seem to have given or sold my address to kieseentablet.nl who likes to spam many people with all kinds of garbage. I think they’re trying to sell me a DVD box in this message, but I’m not sure and don’t want to know. Viewing those images would mean that my mail reader has to contact their servers with a special code, and that code will validate my address.
I have reported it to SpamKlacht and I hope they will take action against this spammer and against Adobe. Adobe is just as guilty for not keeping my address safe. They violated my privacy by sharing that address with others.
I will show the headers of this email, though. And I hope most spam-filters will pick this up and add this spammer to the blacklist. They should blacklist Adobe too, in my opinion, because this pisses me off! I expect some small internet-companies will leak my address but Adobe is supposed to be a serious, big international company. They just don’t care about their customers, that is clear…
Delivered-To: xxxxxxxx@xxxxxxxx Received: by 10.50.173.36 with SMTP id bh4csp113728igc; Mon, 13 Jan 2014 00:38:24 -0800 (PST) X-Received: by 10.194.104.66 with SMTP id gc2mr1505781wjb.75.1389602303789; Mon, 13 Jan 2014 00:38:23 -0800 (PST) Return-Path: <email@example.com> Received: from mta2.parfumvandaag-mail.nl (mta2.parfumvandaag-mail.nl. [22.214.171.124]) by mx.google.com with ESMTP id md15si7043232wic.62.2014.01.13.00.38.23 for <xxxxxxxx@xxxxxxxx>; Mon, 13 Jan 2014 00:38:23 -0800 (PST) Received-SPF: pass (google.com: domain of firstname.lastname@example.org designates 126.96.36.199 as permitted sender) client-ip=188.8.131.52; Authentication-Results: mx.google.com; spf=pass (google.com: domain of email@example.com designates 184.108.40.206 as permitted sender) firstname.lastname@example.org; dkim=pass email@example.com; dmarc=pass (p=REJECT dis=NONE) header.from=kieseentablet.nl Received: from localhost (localhost [127.0.0.1]) by mta2.parfumvandaag-mail.nl (Postfix) with ESMTP id 16895163B348 for <xxxxxxxx@xxxxxxxx>; Mon, 13 Jan 2014 09:38:23 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=kieseentablet.nl; s=default; t=1389602303; bh=Z5MpxKWITtojtkQ1ghnUMKSgLY4=; h=From:Reply-To:Subject:List-Unsubscribe:To:Date; b=o30KntUOp1TaT2j506DJmyK7Ak0hC2iWnPtEk+hDr6apIyYZyP3C1km805OO9c0Tb XnmzMnoyYn4XjgiFCStU2qKXZurqGGnr5dy2+J0b62I1dyHSISEVwvb2rfYW+3KRrX /dlIBtWM5mxPu7pencyad+BB8b9N+1coafAi6J/8= MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_cc78254c8040f1935d8f257c8e3ed1ee" From: "Welkomstgeschenken Kies een Tablet" <firstname.lastname@example.org> Reply-To: email@example.com Subject: U ontvangt de complete Penoza DVD box List-Unsubscribe: ,<mailto:firstname.lastname@example.org?subject=unsubscribe_29865> X-Slip-uID: 2011425 X-Slip-active: N X-BeverlyMail-Recipient: xxxxxxxx@xxxxxxxx To: xxxxxxxx@xxxxxxxx Date: Mon, 13 Jan 2014 08:38:23 +0000 X-BeverlyMail-MTA: 74 Message-ID: <1389602303-567845345AB@kieseentablet.nl>
Interesting to know is that Adobe got hacked in october last year. The number of accounts breached can be between 3 million and 150 million, according to various news sources. (150 million according to http://www.theverge.com/2013/11/7/5078560/over-150-million-breached-records-from-adobe-hack-surface-online so, WOW!) Apparantly, people must have received a message from Adobe to notify that they have to reset their password, because of this breach. I can’t remember ever receiving one, though.
This could be one of the worst bloopers in computer security, due to questionable encryption techniques used by Adobe. But although Adobe did force all users to reset their passwords, that still does not prevent all those addresses leaking towards spammers. And, many people tend to use a single password for dozens of websites, including their webmail. This might mean that the hackers will use the database to gain access to mail accounts instead of Adobe accounts! And if only 0.1% of all accounts used the same password for email and Adobe then there are 150,000 mail-accounts at risk! Serious risks, even.
Try Gmailbox’ disposable virtual mailboxes, it’s free and protects your address from spammers, when a company like Adobe sells your address, just delete that virtual mailbox, and your are free from spam.
Received the same e-mail, also reported it so spamklacht. Thanks for writing this up and tracing the e-mail back to Adobe.
Same happened to, i never gave my email addres to “kieseentablet.nl” and it happens to be my Adobe email addres they are using!