I’ve seen a few hundred of these emails in the past couple days coming in from multiple different companies.

I’m looking for more info.

at least one said it was zendesk, most did not say any software.

the tickets are being sent with CC addresses that contain large email lists. often others on the CC who don’t know what’s happening will reply “stop emailing me”.

so far I’ve seen this coming in to multiple addresses and none of the sending companies are familiar either.

sounds familiar to anyone? any info on this? it’s there a name i can lookup to find more info? i want to know what services this effects so i can properly protect my stuff and my work stuff.

  • hperrin@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    4
    ·
    11 months ago

    Check out https://port87.com

    It’s an email service that I developed to solve this kind of problem. Everything you sign up for has its own address, so if you get these to your bank address, you know it’s a scam.

    If you’re happy with your current email provider, you can achieve a similar result with subaddressing (aka plus addressing), if you set up a filter for each new address.

    • T156@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      11 months ago

      If you’re happy with your current email provider, you can achieve a similar result with subaddressing (aka plus addressing), if you set up a filter for each new address.

      Subadressing isn’t quite as trustworthy, though, since it’s trivial to strip the plus tag, or other marks from the email.

      • hperrin@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        That is true. I think spam lists usually have many thousands of addresses though, so unless they’re doing it with a script, they’re probably not stripping the subaddresses.

        But a service that lets you use a dash instead of a plus, like Port87, is a bit safer in that regard. The dash is also accepted everywhere, whereas some places (like Microsoft) don’t accept a plus in an email address.

        • Appoxo@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          As if they wouldnt deduplicate and sanitize their list.

          This is probably a 5min question on Chatgpt and executing it.

    • qaz@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      11 months ago

      Interesting service. I’ve been doing this manually with Addy.io but that’s not feasible or desired by most, this could be a solution for that.

      • hperrin@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        I got the idea because I was doing it manually too with Sieve scripts on ProtonMail.

        Please try it out, and if you like it, help spread the word. :)

    • stealth_cookies@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      Does the hyphen get accepted everywhere? I use aliases already for every sign up but a shocking number of websites reject emails with the + sign as invalid, often the ones I’m most concerned about.

      • hperrin@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        It’s worked everywhere I’ve tried it. Blocking the hyphen would be a really aggressive move, because that’s valid in usernames in most email services. I honestly don’t know why places block the plus.

      • hperrin@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Not yet, but I’m working on that. SMTP works from a mail client, but I haven’t finished the IMAP server. I’m also working on customer domains, so you can bring your own domain. It’ll work with a single user setup (label@mydomain.com) or multi user setup (user-label@mydomain.com).

      • hperrin@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        11 months ago

        Duck.com is a great service, but it doesn’t have the same features as Port87, and it has different goals and a different purpose as a service.

        Duck.com is meant to keep your existing email address private. It forwards messages to your current email provider. You could use a duck.com address to keep a Port87 address private.

        Port87 is meant to be your email provider. It doesn’t forward mail, but instead receives/sends mail for you. You get unlimited subaddresses with Port87, and each one has its own label in your account with its own settings, like whether to send push notifications, mark email as read, screen new senders, etc. It’s meant to help you stay organized by keeping your email categorized for you. It’s also available free. There are paid features, but you can receive mail to unlimited addresses for free.

        The two services work very well together, and you can get the benefits of both!