Recently, I skimmed my e-Mail spam folder to check if some false positives had ended up there unseen. During this, attention was drawn to some Spam message that came from a very special domain: discardmail.com1. I had seen such services before: they let you get a temporary e-Mail address to fight spam or just get that registration you wanted so badly - no signup required.
Spam coming from a service that’s basically intended to fight spam – interesting. I went to the site and there was that login screen (See screenshot). The e-mail address the spammer had used made sense in the context of the mail, so it wasn’t just someone’s address used for spamming. I couldn’t resist but to enter the address the spammer had used. No suprise here – I got to an inbox full of “Undelivered Return”’s.
However, the interesting bit was that of these roughly ~100 bounces in the inbox, 3-4 seemed to be responses from actual people. To my surpise though, some of them not only told the sender to remove them from the list but were actually asking for a delivery of the promoted product, including details like postal address, mobile phone numbers and more …
I don’t know what’s more evil – spammers using these services for spamming or the simple fact that anybody can go and “check” the responses to the spam. I also wonder if this was intentional: To use that unprotected account to eventually let other spammers go and harvest additional e-Mail addresses.
Which I won’t link to for obvious reasons. ↩︎