PSA: change your account logins

Rich Kulawiec rsk at
Fri May 31 14:18:05 UTC 2019

On Fri, May 31, 2019 at 01:17:19PM +0000, Richard wrote:
> When I have looked into this type of issue for my unique addressing
> some did trace back to back-end db hacks (e.g., adobe), but I found
> that the most likely culprit was the 3rd-party bulk mailer that
> handled the organization's marketing mail. It could be a non-zeroed
> disk thrown into the trash or an inside job, but it almost always
> traced back to one or two bulk mailing companies. 

FYI, I've been running numerous experiments in this area for many years
using unique non-guessable non-typo'able addresses.  Explaining the
results in full would take many pages, so let me summarize: 3rd party
bulk mailers leak like sieves.  "How?" remains an open question: could be
that they're selling, could be that they have security issues, could be
that insiders are selling on their own, could be any number of things:
it's really not possible to say.  But they are unquestionably leaking.
This is hardly surprising: many of them are spammers-for-hire, many of
them use invasive tracking/spyware, and none of them actually care in
the slightest about privacy or security -- after all, it's not *their*
data, why should they?

Which are some of the many reasons that outsourcing your mailing lists
is a terrible idea, doubly so when it's quite easy to run your own with
Mailman (or equivalent).
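
[Added example, not part of the original message or thread.] One way to build the kind of unique, non-guessable addresses described above so that mail arriving at one can be traced to the single organisation it was given to. The HMAC tagging scheme, the names SECRET, DOMAIN, issue, attribute and leaks, and the sample deliveries are all assumptions made for illustration; the message does not say how its addresses were constructed.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret known only to your mail system
DOMAIN = "example.org"            # placeholder domain
TAG_LEN = 10                      # 10 base32 characters = 50 bits of MAC

def tag_for(label: str) -> str:
    """Keyed tag for a label; cannot be computed without SECRET."""
    mac = hmac.new(SECRET, label.encode(), hashlib.sha256).digest()
    return base64.b32encode(mac).decode().lower()[:TAG_LEN]

def issue(label: str) -> str:
    """Address to give to exactly one organisation, identified by `label`."""
    label = label.lower()
    if not (label.isascii() and label.isalnum()):
        raise ValueError("label must be ASCII letters and digits")
    return f"{label}-{tag_for(label)}@{DOMAIN}"

def attribute(rcpt: str):
    """Return the label an address was issued under, or None for a guess or typo."""
    local, _, domain = rcpt.lower().partition("@")
    label, sep, tag = local.rpartition("-")
    if domain != DOMAIN or not sep or not label:
        return None
    ok = hmac.compare_digest(tag.encode(), tag_for(label).encode())
    return label if ok else None

def leaks(deliveries, expected):
    """Mail to a validly issued address from a sender it was never given to."""
    found = []
    for rcpt, sender_domain in deliveries:
        label = attribute(rcpt)
        if label and sender_domain.lower() not in expected.get(label, set()):
            found.append((label, sender_domain))
    return found

# Constructed sample data: (envelope recipient, envelope sender domain).
EXPECTED = {"acmeshop": {"acmeshop.example"}}
DELIVERIES = [
    (issue("acmeshop"), "acmeshop.example"),           # the organisation itself
    (issue("acmeshop"), "bulk-offers.example"),        # unknown sender: leak
    ("acmeshop-1111111111@example.org", "x.example"),  # guessed tag: rejected
]
print(leaks(DELIVERIES, EXPECTED))
```

Because a mistyped or guessed local part fails the keyed check, anything that verifies was sent to exactly the address that was handed out, which is what makes the attribution meaningful.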


More information about the NANOG mailing list