Misuse of Email Addresses

Quite some time ago, thanks to the wonder of Magazine Cover Disks, I installed Concept Draw MINDMAP personal edition 4. If you need to make mind maps and the like, this is reasonably good software and certainly worth the price (i.e. free). Part of the installation process required me to register with concept draw, and provide them with an email address.

Being a naturally paranoid fool, who always assumes the worst, I used the services of Gishpuppy to create a one-off email address for this registration, which automatically forwarded emails to my main account. If you haven’t already done so, I cant suggest strongly enough the advantages of going to the site, registering and getting the plugin (if you use FF / IE) to allow you to “Gish It” every time you are asked for an email address.

Basically what happens, is you give gishpuppy some keywords and a domain which you want to use the email address on, then it creates the address for you. As an example, if your key words were whydontyou it may create the email address whydontyou.4ry@gishpuppy.com. You give out this email address and when anything is sent to it, it gets forwarded to your real account. It is a great way of testing the water with some services.

Anyway, as I said I created the GishPuppy address and registered. Everything was fine for a few months, but for the last five or six weeks, I am getting a deluge of spam emails to that address. Now, I know I have never used this address anywhere other than the ConceptDraw registration. Today I got an email from a site admin saying that there had been a massive amount of spam from my email address (the Gish one) and suggesting I check the firewall to see if I have been hacked.

Now, as I see it, one of two things has happened. Gishpuppy has compromised my email address to spammers, or Concept Draw have. If it had been Gishpuppy, why would they only give up one email address? I have dozens registered with Gish (I use them every time I have to register somewhere so I can filter the return emails), and none of the others get spam emails.

Sadly, I can only draw one conclusion from this and it certainly ensures I wont buy anything from Concept Draw in the future. To give them the benefit of the doubt, I have tried email Concept Draw to explain I felt emails were being misused but, oddly, I have had no response.

10 thoughts on “Misuse of Email Addresses

  1. Blimey, don’t get me started on this…. I think spam coming in is bad enough, but spam going out with your address on is really the worst thing, as it can end up with legit addresses getting banned..
    There’s little point trying to find out where its really from from the IP as far as I can see, as the originating IP is almost certainly spoofed as well.
    There must be some effective way to defend against it, she says, hopefully…

  2. Swines.

    My host allows me to have a main me@example.com address, and then automagically gives me @example.com addresses too which are disposable, so I know exactly where these address are being used for and I can kick up a stink/dump them if they become troublesome. Quite handy.

  3. SiteAdvisor rates the ConceptDraw site as Red. They say “After entering our e-mail address on this site, we received 1.5 e-mails per month. We received an e-mail which contained a virus.” I dunno which is worse, a gush of spam or a virus (that you can, one hopes, detect).

  4. I am impressed site advisor only got 1.5 emails per month. Before I pulled the plug on that particular gishpuppy account, I was getting around 3 – 4 spams per day.

    In the few months I let it go, I never got any virus emails (but they may be filtered at an earlier stage).

    For those who aren’t as lucky as Nullifidian (i.e. Heather) who cant get unlimited forward emails, GishPuppy is a solution that I really cant suggest strongly enough.

    In addition, I would suggest people steer clear of Concept Draw.

  5. Heather: The IP address in the TOPMOST Received: line of an email is very difficult to fake. Also, if you’re fully confident in the source of the topmost line (e.g., it’s your own ISP), the one after that is almost certainly valid. It’s quite difficult to make mail appear to come from a forged IP address, so the header line very likely to be correct. Any other headers can be forged.

    Further Received: lines may or may not be correct. The spammer can make them up to create a fake trail. Also, the domain name in the Received: line can be fake.

  6. Hello,

    I’m a representative of http://www.conceptdraw.com . Its a pity to hear that you haven’t got a reply to your letter. Our company had never shared emails with any third-party companies, nor participated in any kind of spam activity as we highly respect privacy of our customers.

    I would be very grateful if you contact me directly at zh_igor[at]csodessa.com to help me find out and solve the issue.

    Thanks in advance,

    Igor Zhadanov
    CS Odessa

  7. Igor, thank you for the comment. I will re-activate the Gishpuppy account and contact you over the weekend.

  8. I would like to say a big thank you to Igor Zhadanov for getting back to me over this. I have had a few problems (forgot my password etc), so it took a lot longer than I thought to re-activate the email address.

    Maybe CS Odessa are not as bad an organisation as I first thought and if so, I will make a new post to that effect.

Comments are closed.