Who sold my f$#%!ñ& information?


The bane of everyone’s internet existence is unsolicited mail, also known as SPAM. Over the years, I have relied on a series of strategies to combat it including software filters, fake email addresses, throw-away email addresses, and simply refusing to give out my email address except when absolutely necessary. These have had varying degrees of success, but for the most part I have not been overly burdened by SPAM in the past few years. And most big email providers have gotten pretty good about filtering out unsolicited mail. But recently, (at least in my email boxes) there has been an ever growing number of slips, with unwanted mail making its way past the filter and into my inbox. The reason for the vast majority of these is that they are from “legitimate” mass mailing companies who are complying with SPAM laws that allow an opt out or unsubscribe link at the bottom. So, even though I have never subscribed to any of these lists in the first place, I am bombarded with their crap and have to click an opt-out message with ever increasing frequency to get off their list. There is one main reason why one is added to these lists in the first place, and that is that one of the companies you have given your email to has sold your name and others to one of their “trusted” partners (also known as “anyone who will buy them”). The frustrating part in all of this is you have no idea how to trace it back. Who is the evil entity that sold you out? How can you disassociate yourself with them and refuse to use, buy or promote their services anymore? How can they be held accountable for selling you out?

This morning I implemented what is an imperfect solution, but should give me more information and help me to call out and shame the companies that are sharing my (and your) info, and stop doing business with them. I will maintain a list of the abusers and try to draw attention to them in the future so that others may benefit. This is not a solution that everyone can implement, but many can. For the more technical among you, here are the steps, and what you will need (before actually following these steps, read the update below):

1. Create your own domain or subdomain for this purpose (you can do this using any hosting company or for free –minus the cost of domain purchase — at Google Apps for example: http://www.google.com/apps/intl/en/group/index.html)

2. Create a “catch all” email address for the domain. This is an address that will catch any email sent to the domain, and most providers will offer one.

3. Start using this domain whenever you have to provide an email address to a website. So for example, if I am a new user of facebook, I would probably use the following format for my address: “facebook@mydomain.com”. If I am signing up for a flikr account, I would use something like “flikr@mydomain.com”.

Because I am using the name of the service I am signing up for, if I ever get an email going to that address that isnt directly related to that website, I will know who the culprit is. For example, if some magazine is trying to sell me a subscription at “flikr@mydomain.com” I will know that flikr sold me out. I can then blacklist or publicly shame that company. If enough people do this, maybe companies will think twice before disclosing your information without warning you.

UPDATE: As I was writing the above and verifying some information, I came across this site which makes it much easier (for anyone with a gmail account) to set up their own catch system for this type of thing. Go here to check it out. It would probably be a good idea to setup a separate gmail account for this purpose, though.