I just checked some newsletter instances I selfhost for certain websites (some of which aren’t fully launched yet), including PrivacyZen.eu . And wow, 3855 subscribers in just a few weeks! I barely did any marketing. Time to celebrate? Not yet.
You see, as I expected, 95% OF THOSE are bots. The fact that privacyzen.eu domain itself has just a few tells me the antibot strategy I implemented kind of worked (at least temporarily), as one of the sites I didn’t add it to has 3700 fake subscribers.
Most of those email addresses are real and some even subscribed and a tiny amount unsubscribed.
This begs the question. What is going on? There are a few possibilities.
- most obvious is that someone on the darknet has a service that floods people’s inboxes by signing them up for everything. But that’s not really lucrative
- They’ve been hacked and it’s a coverup, which we will discuss shortly
- Someone is trying to drive competition out of business by making them bounce hard
Compromised or hacked accounts
Probably hackers already have access to those email addresses and try to hide that fact by copious amounts of spam. I just checked a few of the “subscribers” on haveibeenpwned.com and they range between 5 to 20 attacks. THis means those email addresses including passwords have already been sold on the dark web and are accessible to hackers. Which means there’s a big chance any one of their email account is further compromised to be used in phishing, botnet or anyother kind of attack.
Good idea to not reuse your password and also not reuse your email address, hence using email aliases.
THe biggest problem is that the reasons why bots do this could be very diverse, ranging from trying to hack systems, to DDOS, or even other nefarious reasons
THe Realization
THis brings me to the realization that security and privacy are no longer optional. I need to launch PrivacyZen even in a beta phase this year as having email aliases will help secure non technical people’s inboxes. I manage my own aliases, but how many people are aware of this and how many do this on a daily basis?
Online and offline cyber security has become very delicate subject.
Protect your data, Don’t reuse passwords, and stop giving out your real email address everywhere, use an alias instead for each service. Stay safe!