This email was sent to an address I know the spammers have (it is listed on the Debian Consultants page). It is almost identical to several other spams I have been receiving to what I had considered to be private, unique addresses.
I give out different email addresses to different providers, mailing-lists and websites to see how what gets leaked. It’s partly a check on privacy policies, and partly a way to ensure I can blacklist emails efficiently. I’ve run various schemes with email addresses on my domain maz.nu over the last eleven years. Here is what I have found.
iana
Registered with IANA for a private enterprise number for OIDs, iana is listed on a public website. It gets a lot of junk. There are a number of variations, however, which also receive spam:
Sorry, macheist.com, but if you can’t keep my email address private, I don’t want to hear from you any more.
Received: from zulaa ([::ffff:124.158.125.66])
by mx10.faelix.net with esmtp; Mon, 25 Jan 2010 12:54:44 +0000
id 0000C007.4B5D9494.00004E67
Received: from localhost (127.0.0.1) by mail.zulaa
(124.158.125.66) with Microsoft SMTP Server id 8.0.685.24; Mon, 25 Jan 2010 21:08:09 -0800
From: "Percocet.Vicodin.Adderall"
I give unique addresses to each web site or service I sign up to. Bloomsbury became the latest in a long string to pass on or leak my email address to spammers:
