Email Lists

23 Oct 2010

The Problem

Last week I came across a data set of 1 million emails who were said to have "opted-in" to spam. It listed: email, name, address, city, state, zip, extended zip, phone number, date of birth, time added, IP and the source.

To anyone that's a lot of personal information!

How did they get this information, I had a look at the sources column which contained these distinct values.

My theory is they filled in all this unnecessary information on signup and left a box ticked that allowed the website to share this information.

The Attack

eBay sent this message to Steven Roddis (steven*****). Your registered name is included to show this message originated from eBay.

With a dump like the one I found, it's easy to spoof eBay emails with more apparent legitimacy.

The Mitigation

Use fake info everywhere, sites like, and can help.

Of course your bank and ebay should know your real name, dob, etc, but the LA Times can think I'm:

Beulah Williams
4263 Joseph Street
Milwaukee, WI 53226