Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation (betanews.com)

← Back to Stories (view on slashdot.org)

Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation (betanews.com)

Posted by msmash on Monday March 6, 2017 @06:40AM from the boom dept.

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation.

141 comments

Min score:

Reason:

Sort:

Redundant by Anonymous Coward · 2017-03-06 06:43 · Score: 2, Insightful

How many spam operations are legal?
1. Re:Redundant by cdsparrow · 2017-03-06 06:46 · Score: 1
  
  Most of the spam I see on any given day is legal... Store ads, etc...
2. Re:Redundant by Anonymous Coward · 2017-03-06 06:54 · Score: 1
  
  Spam is UNWANTED e-mail. Whether or not I previously purchased something from a store is immaterial. If I don't want it, ITS SPAM.
3. Re:Redundant by Anonymous Coward · 2017-03-06 06:56 · Score: 0, Informative
  
  by signing up, you've agreed to receive the newsletter
  the ability to remove yourself from their list, after agreeing to receive their emails, is why they don't get fined
4. Re:Redundant by Drethon · 2017-03-06 07:16 · Score: 1
  
  Shouldn't have provided your e-mail to them if you don't want them to use it. Plus most of these stores seem to honor a remove from list request. Yeah having to opt out, rather than opt in is painful but this still differentiates from real spam.
5. Re:Redundant by Anonymous Coward · 2017-03-06 07:17 · Score: 0
  
  "unsub" however they say to
  Any further emails from them go into spam. Care to guess what's currently filling my spam folder? Two companies, I've bought one thing from each of them.
  To some companies an unsubscribe attempt is just proof that the advertisement is delivered and read.
6. Re:Redundant by Anonymous Coward · 2017-03-06 07:19 · Score: 0
  
  signing up/purchasing something
7. Re:Redundant by Obfuscant · 2017-03-06 07:20 · Score: 5, Informative
  
  You signed up for it when you bought a product or made an inquiry on their site and did not uncheck a box that signed you up for them most-likely.
  
  That's the lie every spammer uses to justify their garbage. De-selecting the "send me all kinds of email about stuff I don't want" checkbox does nothing.
  
  If you're still getting it you're just too lazy to unsubscribe.
  I SHOULD NOT HAVE TO UNSUBSCRIBE FROM JUNK EMAIL LISTS THAT I DID NOT SUBSCRIBE TO IN THE FIRST PLACE. THE FIRST PIECE OF SPAM IS STILL SPAM.
8. Re:Redundant by cdsparrow · 2017-03-06 07:20 · Score: 1
  
  I filter it out and could unsubscribe, but easier to filter. I still consider it spam though... It's not nefarious spam, but spam nonetheless.
9. Re:Redundant by Anonymous Coward · 2017-03-06 07:23 · Score: 0
  
  what do you call all the people who sign me up for things that have similar email addresses to me.
  Thats about 50% of my bacn.
10. Re:Redundant by Obfuscant · 2017-03-06 07:25 · Score: 0
  
  Shouldn't have provided your e-mail to them if you don't want them to use it.
  
  Most online order forms demand an email for the purposes of communicating about that order. Further use of that email address for unsolicited commercial junk email is SPAM.
  
  Plus most of these stores seem to honor a remove from list request.
  
  "Seem to". And many of them don't. And many of them have invalid or non-working "unsub" links. Even the working ones don't help when your email reader doesn't do "the web" -- because it is an EMAIL READER. My procmail rc is filled with such "honorable" spammers.
  
  Yeah having to opt out, rather than opt in is painful but this still differentiates from real spam.
  No, it doesn't. It's unsolicited commercial junk email from the very first one.
11. Re:Redundant by Anonymous Coward · 2017-03-06 07:25 · Score: 0
  
  Because I agree doesn't mean it WANT IT.
  I agreed to a have root canal. I certainly didn't WANT IT.
12. Re:Redundant by SeaFox · 2017-03-06 07:26 · Score: 3, Informative
  
  Spam is UNWANTED e-mail.
  No, spam is UNSOLICITED commercial email. When you did whatever action you did on their site to receive it, you solicited them to send it to you as part of it. True spam is from companies you never heard of and never had a business relationship with.
13. Re:Redundant by Anonymous Coward · 2017-03-06 07:29 · Score: 2, Informative
  
  That's the lie every spammer uses to justify their garbage.
  Yes, Rule #1, spammers lie; that doesn't mean it isn't a legitimate justification for a lot of commercial email. If I order a pizza on PizzaHut.com, and next week Pizza Hut sends me an email with their weekly special offers, that isn't spam. It isn't mail I particularly want, but it isn't spam. I agreed to receive those emails by joining up with PizzaHut.com.
  Spam is all the completely unsolicited boner pills, home mortgage, weight loss, and other garbage coming from randos who bought or harvested my email address somewhere, like the assholes who are the subject of this article.
14. Re:Redundant by Anonymous Coward · 2017-03-06 07:42 · Score: 1
  
  Let the man define spam how he wishes. I personally agree with him. You've missed a rather important point though. He's talking about messages sent unsolicited AFTER whatever transaction or service he signed up for is finished. I'm not going to fill out any customer satisfaction survey no mater how many times you send it to me, nor do I care about the sale on the big item I purchased last week, I've already purchased one. I'd love to see this sort of thing made into illegal spam but it won't ever be, as we're already well used to dealing with snail mail and telephone calls in a similar fashion, previous business relationship = fair game.
15. Re:Redundant by gmack · 2017-03-06 07:42 · Score: 1
  
  Doing it from procmailrc doesn't really get the point across since they never know it didn't get delivered. It is better to block it at the SMTP level and refuse to accept the message in the first place.
16. Re:Redundant by RobinH · 2017-03-06 07:44 · Score: 2
  
  I'm not sure why some people have such a huge problem with spam. I use a service where I make up a unique email address for each account I sign up for. That (paid, but cheap) service forwards the mail to me. If I ever get unsolicited email on that address, I go to the service and delete the address, or if I really care, I make a new one and update that account, because they probably got hacked.
  When an account sends me a mailing list, I click the unsubscribe button, and I would say 9 times out of 10 that works. If it doesn't, I delete or disable that email address.
  Which means I don't have a spam problem.
  
  --
  "I have never let my schooling interfere with my education." - Mark Twain
17. Re:Redundant by Obfuscant · 2017-03-06 07:45 · Score: 5, Insightful
  
  that doesn't mean it isn't a legitimate justification for a lot of commercial email.
  It is not a legitimate excuse for the commercial email I receive based on such lies. I ALWAYS uncheck this "pre-selected opt-in" (an oxymoron), and the spammer ALWAYS tells me that I opted-in.
  
  If I order a pizza on PizzaHut.com, and next week Pizza Hut sends me an email with their weekly special offers, that isn't spam.
  Yes, it is. Unsolicited commercial junk email. UCE. BY DEFINITION.
  
  Spam is all the completely unsolicited boner pills, home mortgage, weight loss, and other garbage coming from randos who bought or harvested my email address somewhere,
  Spam is not defined by topic. It is defined by UNSOLICITED COMMERCIAL EMAIL. Yes, there are many sources of spam. The fact that you bought a pizza at Pizza Hut does not excuse their unsolicited commercial email, which is spam.
18. Re:Redundant by nukenerd · 2017-03-06 07:46 · Score: 5, Insightful
  
  Spam is UNWANTED e-mail.
  No, spam is UNSOLICITED commercial email. When you did whatever action you did on their site to receive it, you solicited them to send it
  Bullshit. My "action" is to buy something online (it is getting hard to find some types of stuff any other way). Buying something is not "soliciting" for email adverts for ever after.
  Anyway, I use disposable email addresses for purchasing. After it's delivered, I turn off the address and their spam is going into a black hole somewhere, not even as far as my spam directory. But I can look at the stats and see that some companies I have bought from (including a gardening supplier I bought a $10 item from 5 years ago) have sent me thousands of emails - a situation that is ridiculous
19. Re:Redundant by Obfuscant · 2017-03-06 07:48 · Score: 1
  
  It is better to block it at the SMTP level and refuse to accept the message in the first place.
  You might think so, but do you REALLY think any spammer cares about or even looks at the bounces from their spam?
  Unfortunately, the only way to "block it at the SMPT level" for users is to return error code 67 (IIRC) from procmail, and that doesn't work if you are using IMAP to pull email from a server that has already taken final delivery.
20. Re:Redundant by admin7087 · 2017-03-06 07:50 · Score: 2
  
  That's not how it works. Many companies let you sign up with email and will send you email years later even if you untick the "yes, please send me bullshit news" box. Others trick you into inadvertently subscribing to their newsletter by showing the preselected box again and again during updates. It's illegal spam in both cases, but they get away with it.
21. Re:Redundant by Zocalo · 2017-03-06 07:54 · Score: 1
  
  Pretty sure the number of spammers that look at (or even see) bounces or rejects is near enough to zero as to make no difference, or if they do then they certainly don't seem to care about them. I'm still getting attempts to send spam to accounts and entire domains that have been refusing to accept email at the SMTP MTA for over decade, which is fine by me, because every single IP that does so gets submitted to a whole bunch of DNSBLs.
  
  --
  UNIX? They're not even circumcised! Savages!
22. Re:Redundant by eedwardsjr · 2017-03-06 08:01 · Score: 1
  
  Same here. I use sneakemail.com. Spam email stands out like a sore thumb. I flag the address for bouncing and give them another one. It does not happen often.
23. Re:Redundant by Anonymous Coward · 2017-03-06 08:08 · Score: 0
  
  "Oh, what a nice thing you have here, it would be a shame if anything happened to it. Just use this (paid, but cheap) service and we'll protect it for you."
  I shouldn't have to pay anything to not receive spam. If I create an account to buy something, it's to receive a notification about the order status, or to contact me for things related that item (recall, customer support, ...), it is NOT a permission to receive promotional offers. If I give my email address to a company, it's not for them to sale to third-parties.
  And temporary email addresses only works when YOU give the address away. You can't do anything when a friend gives your address to send you a birthday card, share a link with you, or build a list of acquaintances on a social website.
24. Re:Redundant by sit1963nz · 2017-03-06 08:14 · Score: 1
  
  Which is why I have an email address I use for all those stores who think they are entitled to my email address.
  
  I have multiple email addresses.
  1 for work
  1 for family
  1 for personal use
  1 for possible spammers
  1 as a spam trap
  1 that I give to stores I dont want junk mail from
  
  They are all IMAP accounts, there is a script that automatically empties the last 3 accounts (2 of them once a week)
  Plus my work one I can block whole domains on the email server e.g. *@*.com.br *@hotmail.com etc etc etc
  My spam trap address automatically sends everything that lands there to spamcop
25. Re:Redundant by JoeMerchant · 2017-03-06 08:15 · Score: 4, Informative
  
  In the 1990s, any acknowledgment of a spam e-mail was an invitation to more SPAM.
  Lately, the unsubscribe links mostly work pretty well. I've been able to maintain the same address for 20 years now and it's still usable, sure it gets SPAM, but with billions of legitimate SPAM targets on the planet today, just knowing that the address is legit isn't enough to make it attractive anymore.
  Also, there are some penalties for not handling "unsubscribe" requests properly, never looked into enforcement and collection, but I'm sure some people have.
26. Re:Redundant by nobuddy · 2017-03-06 08:20 · Score: 2, Informative
  
  No need for a service, gmail will do it by default.
  If your address is "mymail@gmail.com" and you are filling out an order from Pizza Hut, use "PizzaHut+mymail@gmail.com"
  now you have a unique one for them that you can block off at any time. With the added benefit of being able to see who sold your email to that spammer.
27. Re:Redundant by sit1963nz · 2017-03-06 08:21 · Score: 3, Interesting
  
  It took me over 2 years to get off one hotel chains spam list even though I ticked "DO NOT email me offers"
  
  Now I have a spam email address I use for all hotels , real estate agents, etc etc etc that fits into the format of x.x.xspamtrap@gmail.com
  so they KNOW its a spam trap
  Some have complained that its not a real address, it is, but anything that ends up there is automatically deleted, I never see any of it, and they get told this
  I am more than happy to show them on my phone that its real, but worthless.
28. Re:Redundant by sit1963nz · 2017-03-06 08:27 · Score: 1
  
  Set up a gmail account, something like xyzspamtrap@gmail.com
  
  Give them that address, its yours, its legitimate but its worthless and they can spam as often as they like.
  
  After than you no longer care if they ignore the "do not add me" part of their sign on sheets.
  
  And if you have to "read their email" and click on the confirmation link, you can, and you can ignore them after that.
29. Re:Redundant by dead_user · 2017-03-06 08:32 · Score: 2
  
  Hehe, I bought about $4.00 worth of capacitors from Mouser.com once and they mailed me at least 8 different 1.5" thick catalogs in the post for the next several years trying to get me to buy more. My TV only broke once. I don't NEED more. At least in the case of the emails all that was wasted are a few electrons. ;)
  
  The truth of the matter is that for a small business like that, curating the list takes time. Just letting the script run automatically once a week does not.
30. Re:Redundant by Alumoi · 2017-03-06 08:36 · Score: 2
  
  Aha, and the stores don't sell your email to spammers. Ever!
31. Re:Redundant by Obfuscant · 2017-03-06 08:45 · Score: 4, Informative
  
  use "PizzaHut+mymail@gmail.com" now you have a unique one for them that you can block off at any time.
  
  You don't need to block it off, it will be sent to someone else who already has the "pizzahut@gmail.com" address, with the added benefit of telling them who is using their address to sign up for pizzahut spam.
  Try "mymail+pizzahut@gmail.com".
  Thanks to everyone who thinks I need to know how to avoid this spam, but I already do. I am well aware and a long time user of RFC5233 addressing.
32. Re:Redundant by Anonymous Coward · 2017-03-06 09:04 · Score: 0
  
  If you have any "business dealings" with the company it is an open invitation for unsolicited communications... just ask all the call centers in .
33. Re:Redundant by Drethon · 2017-03-06 09:07 · Score: 1
  
  Haven't had much issue with that. The spam mail shows up after I give my address to companies like Bath Fitters, who seem far less reputable in my experience. They turned out to me a massive waste of time. YMMV.
34. Re:Redundant by Anonymous Coward · 2017-03-06 09:10 · Score: 0
  
  If I order a pizza on PizzaHut.com, and next week Pizza Hut sends me an email with their weekly special offers, that isn't spam.
  Yes, it is. Unsolicited commercial junk email. UCE. BY DEFINITION.
  If receiving a weekly specials email is one of the conditions of having a PizzaHut.com account, it's not unsolicited, I signed up for it.
35. Re:Redundant by afidel · 2017-03-06 09:18 · Score: 1
  
  I use myemail+company_short_name@gmail.com if their form person isn't retarded (if they are and are blocking legitimate SMTP addresses they get the spam catcher email) which get filtered into folders, any company who abuses the address I give them loses all future business from me.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
36. Re:Redundant by afidel · 2017-03-06 09:25 · Score: 3, Informative
  
  other way around, myemail+pizzahut@gmail.com
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
37. Re:Redundant by whoever57 · 2017-03-06 09:38 · Score: 2
  
  Unfortunately, lots of websites won't accept such email addresses.
  I even have one case where I registered using such an address, but the website was changed so that now it won't accept such addresses, so I cannot use it for orders, change it or even unsubscribe. Fortunately, they don't use it to send more than about one email every two months, so I really don't care.
  
  --
  The real "Libtards" are the Libertarians!
38. Re:Redundant by easyTree · 2017-03-06 09:51 · Score: 1
  
  by signing up, you've agreed to receive the newsletter
  the ability to remove yourself from their list, after agreeing to receive their emails, is why they don't get fined
  Agreed, because it was likely clearly stated in a document linked ten levels deep, right near the middle in white-on-white text, "by purchasing products from xyz store, you agree to receive spam; that our unsubscribe link goes to a page which will crash in a manner which appears accidental and that we will not respond to your emails relating to our broken unsubscribe page."
  
  --
  Requiem for the American Dream
39. Re:Redundant by nedlohs · 2017-03-06 09:55 · Score: 1
  
  Because gmail.com isn't a widely used domain for email or anything, so no spammer would ever think of changing x+y@gmail.com to x@gmail.com in their lists of addresses...
40. Re: Redundant by Anonymous Coward · 2017-03-06 10:00 · Score: 0
  
  I receive bills by email all the time. I don't want them, but that doesn't make it spam.
  I consider SPAM unsolicited email. How the fuck would you know if you want it or not without first receiving it?
41. Re:Redundant by Anonymous Coward · 2017-03-06 10:03 · Score: 0
  
  Most of the time, it isn't them -- they then suffer a data breech, or they then sell on my email or whatever. They're often given my email for a purpose, purport to use it for one time thing, and then do something else with it.
  I later then get unsolicited emails, being sent to me because I apparently signed up with one of their partner networks. Apparently. Which I don't entirely believe, and even if true, they should be a LOT more specific than that.because there's no way of me figuring out who sold this new company my email address.
  Something similar with phone numbers - don't give out your phone number when getting a white paper, otherwise you'll get phone calls asking if they can send you an email. Seriously.
42. Re:Redundant by Anonymous Coward · 2017-03-06 10:03 · Score: 0
  
  Maybe that's indeed the legal situation in the US. In the EU, it's definitely spam, though - signing up needs to be entirely optional.
43. Re:Redundant by easyTree · 2017-03-06 10:05 · Score: 2
  
  It's just so pointless;
  if (customersWantOurProducts) { while (true) { waitForNewOrder(); processCustomerOrder(); } } else { for (var c in customers) { for (var p in products) { sendEmail (c.email, "Although we recognise that this is a longshot, do you " + c.name + ", at this exact instant in time, require our product '" + p.name + "', for the currently reduced price of " + (0.9 * (p.price * 12 - 20)) + "?\r\nKind regards, spammer.-corp"); } } }
  
  --
  Requiem for the American Dream
44. Re:Redundant by Anonymous Coward · 2017-03-06 10:09 · Score: 0
  
  Bullshit, shitbrick. That is just a pissant's justification to allow the cunts to waste your bandwidth with unwanted email because you got hungry for a mild-laxative.
45. Re:Redundant by Anonymous Coward · 2017-03-06 10:09 · Score: 0
  
  Perhaps the accidental reversal is how nobuddy solved their spam problem...
46. Re:Redundant by Anonymous Coward · 2017-03-06 10:20 · Score: 0
  
  Hey - we don't do python on /., 'k?
  CAP === 'unworthy'
47. Re:Redundant by easyTree · 2017-03-06 10:36 · Score: 1
  
  if (javaScript === python) { console.log ('my bad'); } else { console.log ('huh?'); }
  
  --
  Requiem for the American Dream
48. Re: Redundant by Anonymous Coward · 2017-03-06 11:04 · Score: 0
  
  The argument here is whether it's solicited if you did business with them in the past. You're saying you are not agreeing because you didn't check the box.
  While I don't disagree that companies still send you stuff when you checked no, but its content is subjective. They might not be selling you anything, they might just be providing information. They might argue it's necessary to properly inform users of their service.
  I think the Canadian anti-spam laws are pretty good with their intentions and exceptions.
  However, to say this happens every time, makes you a whiny bitch.
49. Re: Redundant by Anonymous Coward · 2017-03-06 11:14 · Score: 0
  
  I do that too, and Gmail has really good anti spam features, but you don't value your time.
  Just having lost time to check spam folder, is enough of a complaint to me. Also, having a good service provider is important.
  We had active sync mailboxes with Rackspace, which was a huge improvement of our previous onsite exchange with paid anti spam Software. When we switched to shared hosting with shit anti spam, we all went from under 10 spams a day to 300+.
  But for me, even the dozen or so in my personal Gmail annoys me that I have to spend the time to constantly check it for legit email.
50. Re:Redundant by Etcetera · 2017-03-06 11:15 · Score: 1
  
  It is better to block it at the SMTP level and refuse to accept the message in the first place.
  You might think so, but do you REALLY think any spammer cares about or even looks at the bounces from their spam?
  Unfortunately, the only way to "block it at the SMPT level" for users is to return error code 67 (IIRC) from procmail, and that doesn't work if you are using IMAP to pull email from a server that has already taken final delivery.
  You're begging the question. SPAM is unwanted mail. You "wanted" it by opting in at some point (probably within the context of a purchase or something).
  Someone who doesn't intend to spam will provide an opt-out link. It's 2017, not 2002. Use it.
  If you can't reject at the SMTP level then that means you're not running your own mail server. Every ISP or mail service in the last 20 years has maintained abuse accounts and administrators that will accept spam reports and (eventually) configure their systems to reject messages at the SMTP level for you (or pre-filter it). Contact them.
  
  --
  Hire a Linux system administrator, systems engineer,
51. Re:Redundant by Anonymous Coward · 2017-03-06 11:23 · Score: 0
  
  You are wrong. Spam is UNSOLICITED COMMERCIAL email.
  Receiving an email from an ex girlfriend, whom you never wanted to hear from again, is not spam (as per your definition).
52. Re: Redundant by Anonymous Coward · 2017-03-06 12:14 · Score: 0
  
  Since you used gmail as your example...
  They do not recognize periods in email addresses. So first.last@gmail(dot)com delivers to the same inbox as f.i.r.s.t.l.a.s.t@gmail(dot)com as firstlast@gmail(dot)com.
  A much easier method is to take your gmail address, and use a specific combination of periods to denote emails you never want to receive: say, .first.last.@gmail(dot)com - then write a filter rule that will automatically delete anything sent to that specific address.
  This is a method even my mother can understand. I know most readers/commenters here could set up their own domain with bayesian filters, black/white/grey list filters, etc, but that approach does not work for the average email user who doesn't even care about the difference between IMAP and POP3.
53. Re:Redundant by Solandri · 2017-03-06 12:19 · Score: 1
  
  I've owned my own domain for about 15 years, so I create a new email address for every service or vendor I sign up with. I just use the vendor's name @ my domain. To date I have over 700 email addresses, all forwarding to my main email. Except for the ones I knew from the start were shady and probably fly-by-night operations, the vast majority of them have been true to their ToS and have not shared the email address I gave them. I have not received spam nor unwanted email (other than from that vendor) at the unique email addresses I've given them.
  
  Of the major vendors, there have been two exceptions. Soon after creating the email address, I began receiving spam from:
  
  adobe@mydomain.com
  microsoft@mydomain.com
  
  The Adobe one received spam for a little over a year. The timing coincided with a publicized hack of Adobe's servers. So I give them the benefit of the doubt and assume the address was stolen. OTOH, Microsoft... I began receiving spam at that address a few weeks after creating it. This continued for about a year, then began to die off. A few years later there was a resurgence in spam to the address, which tapered off after a year. 5 years later it happened again. So my conclusion is that they sold my email address at semi-regular intervals. I haven't received spam at that address in nearly 7 years though, so maybe they've cleaned up their act.
54. Re:Redundant by Carewolf · 2017-03-06 12:43 · Score: 1
  
  Aha, and the stores don't sell your email to spammers. Ever!
  In the civilized world, no it is unlikely, considering it is illegal and is easy to track. It probably happens in the US and the third world though.
55. Re: Redundant by Anonymous Coward · 2017-03-06 12:44 · Score: 0
  
  Clearly you don't. And clearly you don't do JavaScript either.
56. Re:Redundant by Anonymous Coward · 2017-03-06 14:26 · Score: 0
  
  Spammers may do that, but the real sites don't. I'm stuck on a few mailing lists because their unsubscribe software can't handle the plus sign in the email address. Their sign-up software handled it just fine... Though I use an email client which lets your create filter and spam rules so those emails are instantly deleted. But it's still annoying. Now I just use my normal email address. The unsubscribe links work for all reputable businesses and disreputable emails are often easy to filter out. The most important thing is to stop posting your email address pubicly online or on your online profiles. I get very little real spam and I tend to keep those 'check for deals' boxes checked before unsubscribing a month or two later.
  The worst emails are the 'please review your purchase' emails. Those are worse than spam since they may or may not have important order details hidden within them.
  Amazon is the biggest spammer: 1st email: "Congratulations, you've both something from else but we won't tell you anything about that order in this email, instead checkout all of these other plungers you could have bought instead. Would you like to buy them now because the one you just bought isn't good enough?" 2nd, 3rd, 4th email: "Amazon Seller XYZ# just received your order". 5th email: "Thank you from buying from XYZ1, we'll process your order shortly." 6th email: "Thank you from buying from XYZ2, please leave a review. We'll ship the item with 5 days." 7th email: "XYZ1 has processed your order and it is ready for shipping." 8th email: "Amazon your orders from XYZ1 and XYZ3 are being shipped" 9th email: "We've shipped your order (no tracking details include, please use our ad-filled portal instead of us giving you the tracking number here). Please tell everyone how great XYZ3 is. If not, let us know first." Etc.. I won't fill out the other 8 emails you may get. You know the drill by now. I used to do all my online shopping on Amazon, I'm sorry for helping to create them. Now I actively search elsewhere.
57. Re:Redundant by Obfuscant · 2017-03-06 15:08 · Score: 0
  
  You're begging the question. SPAM is unwanted mail. You "wanted" it by opting in at some point (probably within the context of a purchase or something).
  Like I said, that's the lie that spammers use to excuse their spam. No, sorry, I did not want it, nor did I "opt-in" to it.
  
  Someone who doesn't intend to spam will provide an opt-out link. It's 2017, not 2002. Use it.
  I am certain that I've already commented on this. Someone who doesn't intend to spam DOESN'T SPAM IN THE FIRST PLACE. And many "opt-out" links are invalid to start with, have no effect when they aren't outright invalid, and don't work well with a true email reader (that isn't a web browser.)
  
  If you can't reject at the SMTP level then that means you're not running your own mail server.
  You're pretty quick.
  
  Every ISP or mail service in the last 20 years has maintained abuse accounts
  
  Yeah, complaining to the spammers ISP or mail service is such a productive use of time. IF the spammer's ISP obeys the RFCs and has an abuse address at all.
58. Re:Redundant by whoever57 · 2017-03-06 15:11 · Score: 1
  
  Because I run my own mailserver, I see that at least one of my addresses has escaped into the wild, but the spammers appear to mis-process it, so I see hits to .
  
  --
  The real "Libtards" are the Libertarians!
59. Re:Redundant by Obfuscant · 2017-03-06 15:18 · Score: 0
  
  they mailed me at least 8 different 1.5" thick catalogs in the post for the next several years
  
  I like catalogs like that. They are much easier to use than an online search -- even though Mouser and Newark are getting much better. It's still easier, and more fun, to scan the pages looking for something by sight instead of having to come up with all the right search terms for it. And it is much easier when you're dealing with pieces that go together, like what plug matches this particular socket. It seems the online catalogs aren't very good at telling you that, at least I've not found them to be, but the paper catalogs usually have the matching bits on the same or next page. And if you want the three-pin version of something after you've found the four pin, bingo, it's on the previous line, not another search.
60. Re: Redundant by Anonymous Coward · 2017-03-06 17:24 · Score: 0
  
  Jeez, I wouldn't want you for a customer even if you were as rich as Trump. Unless I was selling tranquilizers or euthanasia kits.
61. Re:Redundant by radarskiy · 2017-03-06 18:52 · Score: 1
  
  That's why you never use the bare address for anything. Any mail that then goes to the undecorated x@gmail.com address is either spam or faulty storage and can be automatically discarded.
62. Re:Redundant by Anonymous Coward · 2017-03-06 19:29 · Score: 0
  
  by signing up, you've agreed to receive the newsletter
  
  Agreed, because it was likely clearly stated in a document linked ten levels deep, right near the middle in white-on-white text, "by purchasing products from xyz store, you agree to receive spam; that our unsubscribe link goes to a page which will crash in a manner which appears accidental and that we will not respond to your emails relating to our broken unsubscribe page."
  What sort of idiot clicks the 'I agree' button without reading (or agreeing!) the T&C and privacy policy?
  Probably the same kind that skips over software EULAs? And signs the delivery guy's pad without a second thought.
  And pays the restaurant note without reading it.
  How long should I go on, before you interrupt me?
63. Re:Redundant by marka63 · 2017-03-06 19:38 · Score: 1
  
  If I order a pizza from Pizza Hut or Dominos here in Australia. Neither Pizza Hut nor Dominos has the legal right to send me any advertising ever. The *only* thing they have a legal right to send me is email related directly to that transaction. They are also not permitted to tick check boxes saying that you request advertising material. They are also not permitted to send SMS messages except as related to the transaction in progress. They are permitted to send me mail that the post office delivers.
  Now if Pizza Hut and Dominos can do that here they can do that everywhere in the world.
64. Re:Redundant by Anonymous Coward · 2017-03-07 00:45 · Score: 0
  
  No. Spam is UNSOLICITED e-mail. There is a difference between unsolicited and unwanted.
65. Re:Redundant by easyTree · 2017-03-07 02:04 · Score: 1
  
  Please do go on a little more - we're entering useful-tip territory.
  
  --
  Requiem for the American Dream
66. Re:Redundant by gmack · 2017-03-07 02:15 · Score: 1
  
  The opt out link doesn't always work even for legitimate senders. I have had a few places keep sending me email after the return link errored out.. or in one case, I lost the password and they would not change the account settings without it. In both cases, I blocked them at the mail server (rejected, not bounced) and when I got around to removing the block 6 months to a year later, I was removed from whatever list I was on.
67. Re: Redundant by Anonymous Coward · 2017-03-07 03:02 · Score: 0
  
  UCE is not spam. Spam is called spam in reference to the canned pork product - specifically because of the joke that no one knows where it comes from and no one likes it. Both are junk email.
  People who use words should really know what the words actually mean.
68. Re: Redundant by cloudmaster · 2017-03-07 03:08 · Score: 1
  
  I use "storename.or.website@catchall.domain" pretty consistently here in the US, and I've found a huge number of stores which apparently do provide their mailing lists to anyone and everyone. Equifax - the "reputable" credit reporting company - seems to be among the worst; I get a ton of spam to equifax@catchall.domain.
  I should probably publish a list online somewhere from my spam logs... :)
69. Re:Redundant by thomn8r · 2017-03-07 05:15 · Score: 1
  
  by signing up, you've agreed to receive the newsletter
  the ability to remove yourself from their list, after agreeing to receive their emails, is why they don't get fined
  Not when I buy something for my wife from store "A" and specifically un-check the "Send me more shit" button, but now I'm getting emails from stores "B" through "Z" for more. If I'm ever in charge of a corporate firewall again, you bet your sweet bippy that mailchimp, constant contact, et al are going to /dev/null
70. Re:Redundant by thomn8r · 2017-03-07 05:17 · Score: 1
  
  Plus most of these stores seem to honor a remove from list request.
  "It may take 4 to 6 weeks for your unsubscribe request to be processed..."
71. Re:Redundant by doccus · 2017-03-07 05:25 · Score: 1
  
  Have you TRIED ever unsubbing? Even with "respectable" publications such as certain computer publications, it seem to have no effect whatsoever. And these other ones that automatically pass your email to all their other associated pubs, and I find myself unsubbing the same ones over and over. And it's a lot of them
72. Re:Redundant by Anonymous Coward · 2017-03-07 10:16 · Score: 0
  
  Please do go on a little more - we're entering useful-tip territory.
  Just the tip though
73. Re: Redundant by Anonymous Coward · 2017-03-07 14:42 · Score: 0
  
  You don't use the opt out link, so how do you know well it works?
  I use unique email to know when my email gets whored. I'm also Canadian, so I refer to our anti-spam laws for abuse gudelines. Since it came into law, I've only had to tell two companies about the law, and they listened. I've used unsubscribe links much, much more that works.
  My real issue is when I Bug something and then newsletter mail comes to my PayPal address. There's only one cunt who keeps sending me email, and that's TomTop.
  Start naming specifics if you don't want to be a whiny bitch.
74. Re: Redundant by Anonymous Coward · 2017-03-07 14:54 · Score: 0
  
  Keep in mind, spammers can send to random and plausible addresses all the time. If you have a catch-all, you'll see a brute force spam quite often.
  So don't just use equifax@yourdomain.com, use equifax2536@yourdomain.com. The more popular services like Newegg or Equifax (especially financial stuff like banks) are easy guesses for spammers and not conclusive they actually sold your email address.
75. Re: Redundant by Anonymous Coward · 2017-03-07 15:03 · Score: 0
  
  So emails that takes very little digital space is more of a problem than receiving unsolicited catalogs that takes up actual mailbox space and requires you to physically deal with it?
  You're on your own.
76. Re: Redundant by Anonymous Coward · 2017-03-07 15:20 · Score: 0
  
  Getting step by step progress is nice, but I donâ(TM)t know what the fuck you're getting on with.
  Order received
  Order shipped
  Order delivered
  If issue, there is more, but you are exaggerating to the point you don't have credibility and look like a stupid cunt.
77. Re: Redundant by Anonymous Coward · 2017-03-07 15:38 · Score: 0
  
  Dyslexic?
78. Re: Redundant by Anonymous Coward · 2017-03-08 00:41 · Score: 0
  
  That's true and not many times you can unsubscribe 100 times and they will not really unsubscribe you and reporting it gets you nowhere. There is an email set up spam@UCE.gov for reporting spam but I have never seen any spam I recorded actually stop coming another typical government agency that does nothing
79. Re: Redundant by Anonymous Coward · 2017-03-08 00:45 · Score: 0
  
  You're not talking about spam if it's from legitimate companies you've done business with and you have an opt out in less you have opted out and they continue to send it to you which happens very often all you have to do is have one of your contacts that has your email address yet a virus or malware and you are screwed I have two email addresses they get about 150 spam emails a day from spambots total garbage with click bait with the links that will ultimately destroy your computer and possibly impact your life with ransomware or some other horrendous crap. With all the tools and knowledge the NSA and other departments have this is utterly ridiculous that spam is still an issue at the government wanted to stop at they could.
80. Re: Redundant by Anonymous Coward · 2017-03-08 13:46 · Score: 0
  
  Why bother? If it bothers you, associate the sender or subject with spam and let it go to the permanent circular file. Better yet, just ignore the unopened email. I wonder why all you obsessive compulsive disordered people even open these emails. If it's not from someone important, just let it sit there. Unopened. Don't look at it. It's like looking in a magazine and seeing an advertisement for hemaroid cream: Does it outrage you that's it's there or do you ignore it? Do you treat it? Or do you just let that advertisement dingleberry dangle there. Find something important in your life to focus on. Let it go.
Source article by Anonymous Coward · 2017-03-06 06:44 · Score: 5, Informative

Vickery's own writeup is here.
1. Re:Source article by Anonymous Coward · 2017-03-06 07:59 · Score: 2, Insightful
  
  Wait, what? MacKeeper? The malware that advertises all over porn sites? If they "investigated" some spammer, rest assured that it's all part of a dastardly plot on MacKeeper's part.
Jail!! by Anonymous Coward · 2017-03-06 06:46 · Score: 0

This kind of crap will not stop until programmers and businessmen go to prison. Let's get all those NSA spies doing something worthwhile
1. Re:Jail!! by Anonymous Coward · 2017-03-06 07:32 · Score: 0
  
  Well now isn't this funny. I remember the old days when every rich idiot seriously advocated the death penalty for spammers. "Kill them all," you opined. "Kill them for annoying me because I can afford an e-mail account. The Internet isn't cheap, you know. Only elite cultured eloquent folk belong on our gentleman's Internet for the wealthy. I shouldn't have to read commercial rubbish from low class salesman."
  Now you advocate jail, instead? What happened, good sir?
2. Re: Jail!! by Anonymous Coward · 2017-03-07 16:50 · Score: 0
  
  I've always wanted to write a movie about a spam that ruined some navy seal's life and then goes and tracks down the spammers and shoots them all in the face. A few were slower deaths.
  Just having trouble figuring out how the spam killed his wife, baby and dog.
JUST LIKE HERPES by Anonymous Coward · 2017-03-06 06:49 · Score: 0

Chances are you, or at least someone you know, is affected.
ahem *MacKeeper*? by fustakrakich · 2017-03-06 06:49 · Score: 2

I want a second opinion

--
“He’s not deformed, he’s just drunk!”
1. Re:ahem *MacKeeper*? by Anonymous Coward · 2017-03-06 06:56 · Score: 0
  
  macOS "Insecurity" firm - MacKeeper
2. Re:ahem *MacKeeper*? by DontBeAMoran · 2017-03-06 07:34 · Score: 1
  
  Funny because when a unwanted browser window/tab pops on my screen, it's for MacKeeper.
  
  --
  #DeleteFacebook
3. Re:ahem *MacKeeper*? by sit1963nz · 2017-03-06 08:31 · Score: 1
  
  Thats like asking "Syphilis " I want a second opinion.
  
  Please hit your hand hard with a hammer, it will be less painful than trying to remove MacKeeper.
4. Re:ahem *MacKeeper*? by Anonymous Coward · 2017-03-06 09:41 · Score: 0
  
  https://en.wikipedia.org/wiki/...
  
  Zeobit has been accused of employing misleading advertising with regard to its promotion of MacKeeper, including aggressive affiliate marketing, pop-under ads and planting sockpuppet reviews as well as websites set up to discredit their competitors.[26][28] Kromtech has also had issues with affiliate advertisers, attracted by the 50 percent commissions Kromtech pays for sales of MacKeeper, who've wrapped MacKeeper ads into adware
  Like half of their entire article is negative.
  I guess when wikipedia shits on you to that extent, you know it's bad.
  But if the spam bust turns out to be legit, I guess it might be a net gain in the end.
5. Re:ahem *MacKeeper*? by Anonymous Coward · 2017-03-06 09:42 · Score: 0
  
  You should use Privoxy, then you won't see unwanted browser window/tab pops. It's been available in Homebrew and Macports for like eva.
Can someone post a download link? by downright · 2017-03-06 06:53 · Score: 3, Interesting

I want to see if I'm on it. Yeah. That's why. Just Kidding. :-)
1. Re:Can someone post a download link? by Anonymous Coward · 2017-03-06 06:59 · Score: 2, Insightful
  
  You might be, I'm not. I want to see what kind of personal information was leaked about me or my family. I'm guessing it'll take me a day to find a torrent or magnet link for it.
2. Re:Can someone post a download link? by sizzlinkitty · 2017-03-06 12:07 · Score: 2
  
  I'm looking for the torrent as well, will post if i find it.
BetaNews? by Anonymous Coward · 2017-03-06 06:55 · Score: 1

So instead of linking to Steve Ragan's fantastical two-page report, the mod (who previously worked for BetaNews) has linked to a lame 250-word incomplete article on BetaNews... what a surprise!!! BetaNews needs to disappear. It's just stealing content from other publications and this mod is pushing their crap like it's CNN or Reuters.
1. Re:BetaNews? by b0bby · 2017-03-06 07:25 · Score: 3, Informative
  
  The indignant AC didn't post the link, but I assume it's this one:
  http://www.csoonline.com/artic...
  And yeah, it's a way better article.
2. Re:BetaNews? by SandorZoo · 2017-03-06 08:00 · Score: 2
  
  I guess this article is the one AC is referring to. Seems legit, but a little too esoteric for me to follow. It has links to other sources.
3. Re:BetaNews? by Anonymous Coward · 2017-03-06 09:49 · Score: 0
  
  Dude, it's the internet... the fact that an article spans two or more pages should give you a clue that CSO online are a bunch of money-grabbing scumbags depedant on advertising revenue over the presentation of quality information.
They seem to have "inside" contacts. by Vlad_the_Inhaler · 2017-03-06 06:59 · Score: 1

The leaking servers went dark during the process of notifying law enforcement and the major companies.
Presumably this means RCM has contacts within Law Enforcement, Microsoft or Yahoo.

--
Mielipiteet omiani - Opinions personal, facts suspect.
1. Re:They seem to have "inside" contacts. by Zocalo · 2017-03-06 07:05 · Score: 3, Funny
  
  Or maybe they just have an intrusion detection system and Vickery or one of his helpers tripped over it while exfiltrating the data. Hopefully they've got enough for law enforcement to identify at least some of those involved and, ultimately, send them for a lengthy stay somewhere where they need to worry about unsolicited male.
  
  --
  UNIX? They're not even circumcised! Savages!
2. Re: They seem to have "inside" contacts. by Anonymous Coward · 2017-03-06 07:24 · Score: 1
  
  You mean getting my fisted in the shower room by your father? That's your good morning routine. Hehe.
Taking the law in to your own hands by Anonymous Coward · 2017-03-06 07:02 · Score: 0

"and fair bit of illegal hacking techniques."
So Vickery openly admits to breaking the law in his attempt to prove his assertion. In the process, he or his team engaged in illegal activity to learn what they did.
I understand that he was working for a good cause, but if we are now going to make the case that once someone engages in illegal activity, they are no longer entitled to legal protections, then you lost me.
1. Re:Taking the law in to your own hands by Anonymous Coward · 2017-03-06 07:11 · Score: 0
  
  "and fair bit of illegal hacking techniques."
  So Vickery openly admits to breaking the law
  What are you talking about? Vickery isn't the one who did the hacking. They are saying that the information in the spam database was hobbled together via hacking (among other things). In other words, the spammers did the hacking, not Vickery.
  
  At least that is how it reads to me.
2. Re:Taking the law in to your own hands by Anonymous Coward · 2017-03-06 07:13 · Score: 0
  
  I think you need to read it again. The statement doesn't say Vickery was involved in a "fair bit of illegal hacking techniques" it states that the spam network was aided by them.
3. Re:Taking the law in to your own hands by Anonymous Coward · 2017-03-06 07:14 · Score: 0
  
  the spam was helped by the illegal hacking, not the investigation
Doesn't it just figger... by Anonymous Coward · 2017-03-06 07:02 · Score: 0

...the biggest spammer in the world is a... NAGGER!!
I don't suppose... by Anonymous Coward · 2017-03-06 07:21 · Score: 0

I don't suppose we could expect this to result in the Feds kicking in a door and arresting some spammers? Didn't think so.
I don't get any spam by Anonymous Coward · 2017-03-06 07:23 · Score: 1

I have a perfect solution for the spam problem. It's called NOT ASSOCIATING WITH PEOPLE. You motherfuckers are the motherfucking source of all spam. That's right. You. Fuck you. As soon as I decided never ever to talk to you fucking fuckers ever again, suddenly I stopped receiving spam. You people are the problem. FUCK! YOU!!
1. Re:I don't get any spam by Incadenza · 2017-03-06 07:43 · Score: 1
  
  I've got a t-shirtfor you.
2. Re:I don't get any spam by Anonymous Coward · 2017-03-06 08:05 · Score: 0
  
  Don't buy the t-shirt.
  Download the track for free.
Send everyone an email to let them know by jfdavis668 · 2017-03-06 07:23 · Score: 4, Funny

Download the database, and keep email everyone on the list that they are subject to spam emails. Do this every night to make sure they know. Add a few ads to help pay for the project.
1. Re:Send everyone an email to let them know by DontBeAMoran · 2017-03-06 07:37 · Score: 1
  
  https://www.youtube.com/watch?...
  
  --
  #DeleteFacebook
2. Re:Send everyone an email to let them know by Anonymous Coward · 2017-03-06 07:42 · Score: 0
  
  Reply to all.
3. Re:Send everyone an email to let them know by Falos · 2017-03-06 07:53 · Score: 1
  
  guys pls stop hitting "Reply All"
4. Re:Send everyone an email to let them know by Anonymous Coward · 2017-03-06 10:13 · Score: 0
  
  Look who's talking. Couldn't you just keep that to yourself? Moron.
Unsolicited males by tomxor · 2017-03-06 07:38 · Score: 1

send them for a lengthy stay somewhere where they need to worry about unsolicited male
They certainly will need to worry about unsolicited males.
1. Re:Unsolicited males by Anonymous Coward · 2017-03-06 16:23 · Score: 0
  
  send them for a lengthy stay somewhere where they need to worry about unsolicited male
  They certainly will need to worry about unsolicited males.
  In my neck of the woods, unsolicited females are the problem.
The unsubscribe option means one thing by future+assassin · 2017-03-06 07:51 · Score: 1

you validated a real email address that is important enough to you to use the unsubscribe.

--
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
You say we got trouble? by Anonymous Coward · 2017-03-06 07:55 · Score: 0

Wait a minute, we got trouble, right here in River City?
Are you affected? by andrewa · 2017-03-06 08:03 · Score: 4, Funny

Just provide the following details and we will search the leaked database to determine if your details are compromised.
First Name:
Last Name:
Email:
Phone:
SSN:
[Submit]

--
:(){ :|:& };:
1. Re:Are you affected? by JoeMerchant · 2017-03-06 08:16 · Score: 1
  
  That's not SPAM, that's a fish.
2. Re:Are you affected? by Anonymous Coward · 2017-03-06 09:10 · Score: 0
  
  Why do you need all those details? Can't you just check if my credit card number is in the database?
3. Re:Are you affected? by Anonymous Coward · 2017-03-06 09:38 · Score: 0
  
  Mashed fish is what SPAM is made out of, after all. Why not have some phish with your spam?
4. Re:Are you affected? by Anonymous Coward · 2017-03-06 22:14 · Score: 0
  
  First Name: Donald
  Last Name: Trump
  Email: potus@twitter.com
  Phone: Just get hold of me on Twitter
  SSN: 666 666 666
Location? by Anonymous Coward · 2017-03-06 08:23 · Score: 0

Slightly aged cruse missile for sale. Anyone have a location of the operation?
exposed database and nobody has the brains to drop it? Or better fill it with Gov emails.
Awesome! Clickbait with no database source by Anonymous Coward · 2017-03-06 09:18 · Score: 1

More clickbait with no link to the exposed database.
Click Click Click Click Click Click Click Click Click Click Click Click Click Click Click Click Click Click
Make Slashdot rich!
Need to download this... by MiniMike · 2017-03-06 09:36 · Score: 1

Would like to use this list to seed my e-mail blacklist...
How ironic by mandark1967 · 2017-03-06 09:47 · Score: 2

Since the spammers had personally identifiable information, they're now required to contact those affected to notify them of the breach and what those affected by the breach should do to protect themselves, and get larger breasts naturally.

--
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
OMG...HAHAHA...TOO FUNNY by Anonymous Coward · 2017-03-06 10:15 · Score: 0

ARE YOU KIDDING ME!!!???
"Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper..."
I just spent a half hour today removing that MacKeeper crap off a client's Mac. Hello Pot...meet Kettle....
are we on it? by Anonymous Coward · 2017-03-06 10:27 · Score: 0

So how do we know if we were on it?
Has a copy been given to haveibeenpwned and similar services?
Where's the bloody link??? by execthis · 2017-03-06 10:57 · Score: 1

Link to the data???
How has it been exposed if I can't download it?
MacKeeper by Mordaximus · 2017-03-06 21:02 · Score: 1

"Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper"
Say no more; our news source is the much maligned, borderline malware vendor, probably trying to drum up business.
1. Re:MacKeeper by ezdiy · 2017-03-07 03:37 · Score: 1
  
  Given the methods employed by mackeeper, either a disgruntled "business" partner of RCM, or a competitor.
  
  I, for one, welcome this new trend of one online crook outfit snitching on another.