![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
For reasons unknown, someone somewhere decided that the web certificate admin account and my account at work should both be the subject of a major spam attack. These two email addresses were injected into a vast number of online forms, including email list subscription forms. Every one of these targets then generated at least one response, sometimes many, back to my accounts.
After waking up to 400 unexpected emails, I began setting up my own filters to trim out the excess while our Corporate IT folks worked with Exchange to see if they could do a better job of blocking these. Since that time, I've received another 8,500 messages, nearly all blocked or shunted into a spam folder.
This experience has revealed how much crappy web design is out there. Why would you run a sales ordering web site that accepts orders for hardware with no physical address entered? Why are there still mailing lists that allow anyone to subscribe someone else? And why do so many lists not yet send a click-to-confirm-you-actually-requested-this message? Why does any list still exist which doesn't tell you how to unsubscribe? And why does Outlook.com (our email platform) have systems to block senders, but not the senders' domain?
The biggest question for me though is: who profits from this? What gain could there possibly be for adding my name to thousands of mailing lists, nearly all in country I've never visited in languages I can't read? The list owners don't gain, I don't gain... who would benefit that they would undertake this kind of thing?
I think the worst is over... instead of 20+ messages per minute, the rate has received to a few per hour. My bigger worry now is checking that my filters weren't overly aggressive and accidentally swept up legitimate work emails.
After waking up to 400 unexpected emails, I began setting up my own filters to trim out the excess while our Corporate IT folks worked with Exchange to see if they could do a better job of blocking these. Since that time, I've received another 8,500 messages, nearly all blocked or shunted into a spam folder.
This experience has revealed how much crappy web design is out there. Why would you run a sales ordering web site that accepts orders for hardware with no physical address entered? Why are there still mailing lists that allow anyone to subscribe someone else? And why do so many lists not yet send a click-to-confirm-you-actually-requested-this message? Why does any list still exist which doesn't tell you how to unsubscribe? And why does Outlook.com (our email platform) have systems to block senders, but not the senders' domain?
The biggest question for me though is: who profits from this? What gain could there possibly be for adding my name to thousands of mailing lists, nearly all in country I've never visited in languages I can't read? The list owners don't gain, I don't gain... who would benefit that they would undertake this kind of thing?
I think the worst is over... instead of 20+ messages per minute, the rate has received to a few per hour. My bigger worry now is checking that my filters weren't overly aggressive and accidentally swept up legitimate work emails.
