I notice that my domain name gets hit with some very random e-mail addresses. Some spammers toss random letters and numbers in the hope that if they send enough e-mail, at least one will hit someone’s mailbox. This may be one explanation.

Hopefully the correct one. I seemed unusual because the local part of the address contains two dots and three non-dictionary words. I see spam for my own domains using random letter/number patterns in addresses, but those are expected.

(though I suppose sniffing a local DSL or wireless network would not be out of the question).

Broadband cable here.

I had another unexplainably uncommon (for me) spam incident last year with a recipient address previously only used for correspondence with a developer. My SMTP server connected directly to his server (both under our direct control) and neither of us could detect any kind of intrusion. This seemed too specific to be random; there was only a single message with that address as the lone recipient. So, some kind of over-the-wire leakage seemed a plausible explanation.

There’s also a good chance that people who know your e-mail address have unknowingly given it away. Viruses and spyware can advertise an entire address book, and when they do those addresses are almost immediately utilized because they are verified.

I once had a company-internal address become victim to one of the popular address book attacks several years ago. The Gmail address in question was unadvertised/unused other than when I created the account, it sent an invitation ack to a known trusted recipient, and had been checked via the web and later with POP3. Unless it was a random guess there were limits to where the leaked could have occurred (like in the previous example).

Over a long sysadmin career I’ve become quite observant for “little” things like this (often pedantically, a source of mutual irritation with sloppier sysadmins), but certainly don’t necessarily have currently accurate info, explanations, or answers. I was curious if anyone else has had a similar out-of-pattern Gmail spam incident that might shed some new light on mine. Not to make too much of it, especially with much weirder tales of the seemingly unexplainable… I’ll save those for another place and time. :-)

Two ideas:

1. This definitely should work: Forward your e-mail to GMail, and then have GMail deliver copies to your Blackberry.

2. This may or may not work. If I had a .Mac account, I would test it, but I don’t, so I can’t. :( You may be able to put commas between addresses. You may be able to setup your forwarding address to something like:

address1@domain.com,address2@domaintwo.com

It’s worth a shot.

Though, if #2 doesn’t work, #1 certainly will.

In your .Mac mail preferences, you can select to have mail saved to your .Mac account in addition to forwarding them. For more information, see this .Mac help article:

http://docs.info.apple.com/article.html?artnum=51733

You can find more .Mac support at:

http://www.apple.com/support/dotmac/mail/

It is my IMPRESSION that .Mac does spam filtering before saving mail. Thus, it should not forward mail on that it considers spam. If it does, it probably will tag it in some way that you can filter (in GMail filters, for example) automatically.

++sjk:

I notice that my domain name gets hit with some very random e-mail addresses. Some spammers toss random letters and numbers in the hope that if they send enough e-mail, at least one will hit someone’s mailbox. This may be one explanation.

I doubt spammers have the resources to be doing network sniffing for e-mail addresses. That usually would require at least some sort of legitimate network access (though I suppose sniffing a local DSL or wireless network would not be out of the question).

There’s also a good chance that people who know your e-mail address have unknowingly given it away. Viruses and spyware can advertise an entire address book, and when they do those addresses are almost immediately utilized because they are verified. Verifiable e-mail addresses go to the top of a spammers list. (especially if they have a “From” address that will be found in the recipient’s own address book — that may allow them to get whitelisted out of spam protection)

I read somewhere awhile ago about many Hotmail users discovering spam in newly-created accounts the first time they were accessed, regardless of the account name. I wonder what percentage of Gmail accounts are now suffering the same unfortunate fate. Seems Gmail’s popularity and publicity quickly made it a massive spam target.

For contrast, one of my FastMail accounts with a much simpler address, created several years ago, rarely receives spam.

I thnk my case might be a special one. I’ve had the same e-mail address for over a decade that has been posted on everything from web sites to usenet news groups to modem bulletin boards. I’m guessing that simply SWITCHING to a different address would do wonders for spam reduction.

It’s actually the false positives that upset me the most. If I just had a little more control over Google’s spam filter, I’d be happier. (on the other hand, I have the same amount of control over Tbird’s internal filter, and it does fine)

I should cut Google some slack though. Lately it’s gotten better catching spam (it finally has enough training data, I guess), but it hasn’t gotten much better preventing FALSE POSITIVES. What’s frustrating about that is that because I get so much spam, false positives get buried behind hundreds of messages very quickly and very often there’s no good way for me to find them. (clicking “Older” over and over again on a web interface is lame)

When I train my server-side filters, it’s very easy to find false positives. My server actually does triage where it moves suspected spam into a spam folder. I can then use Thunderbird’s filter as a second stage filter to evaluate the efficacy of my server filter. I actually configure Tbird *NOT* to do anything more than mark. That way I can quickly look through my spam folder and look for messages NOT marked by Tbird. Rarely are false positives caught by my server the same as false positives that Tbird would use. So all I have to do is scroll through everything in the spam box and look for the FEW messages that aren’t tagged as spam by Tbird. I can then copy those false positives into a “nonspam” folder that my server will add to is good training data later. (I use combinations of Bayesian and heuristic filtering on my server)

++ dtoub:

Try to implement fowarding (with copy) on your server. Talk to your server administrator to find out how to do this. Nearly any modern mail server should have this ability. That way on DELIVERY of your e-mail to your mail SERVER they’ll get archived.

The key to my setup is that I can do so much spam filtering on my SERVER. I can then forward messages AFTER the filtering. You have to look for this level of sophistication when you make a choice of IMAP provider; however, if you talk to your server administrator, you’ll probably find that most of them have some way to do something similar.